[ISN] College student refutes charges he is high-level hacker

From: InfoSec News (isnat_private)
Date: Tue Dec 04 2001 - 00:49:42 PST

  • Next message: William Knowles: "[ISN] Just a little programming note..."

    http://www.siliconvalley.com/docs/news/tech/078319.htm
    
    Milwaukee Journal Sentinel 
    Monday, Dec. 3, 2001 
    
    On Dec. 8, 1999, a network administrator for Qualcomm Inc. called the
    University of Wisconsin-Madison to report that he had traced a
    break-in of his company's computer system back to the school.
    
    Someone had obtained the highest level of access at Qualcomm, Scott
    Kennedy told school officials. The intruder had stolen user names and
    passwords and could sort through confidential company information.
    
    By 3 o'clock the next morning, school police and a university
    cybersleuth had cornered Jerome Heckenkamp in the stairwell of his
    dormitory and asked for the password for his personal computer.
    
    Court records say Heckenkamp chuckled when he gave it up.
    
    ``Hackme,'' he told them.
    
    In two separate cases, government prosecutors accused Heckenkamp of
    breaking into Qualcomm and other corporate computer systems while he
    was a student. Heckenkamp, who they say called himself ``MagicFX,''
    was also accused of tampering with an unidentified witness.
    
    All told, prosecutors claim he caused more than $1 million damage, but
    they have not detailed exactly what he did.
    
    The first of his trials is set to begin Dec. 11 in San Diego. A second
    will be held in San Jose. If convicted on all counts, Heckenkamp could
    serve 120 years in prison and pay $5.75 million in fines.
    
    Through his attorney, Heckenkamp, now 22, declined to be interviewed
    for this story, but has said he is innocent and told university police
    and students who lived in his dorm that someone -- he didn't know who
    -- used his PC to break into other computers.
    
    His case illustrates how investigators track down hackers and how
    seriously corporations and the government take the prospect of illegal
    entry into computer systems. It also raises contentious privacy issues
    over how much control a college can have over a student's private
    computer.
    
    There also is Heckenkamp's own story.
    
    A home-schooled prodigy from the Town of Lisbon, Wis., Heckenkamp
    first went to college when he was 14 and worked at the Los Alamos
    National Laboratory at the time of his arrest. He taught himself
    algebra during his grade school years and spent only a year in public
    school before going to University of Wisconsin-Waukesha.
    
    At 16, he enrolled at UW-Madison, double-majored in math and computer
    science, and finished a master's (degree) in computer science at 19.
    
    But there were also signs well before his arrest that computers were
    becoming a problem for Heckenkamp.
    
    The Waukesha County Sheriff's Department visited the Heckenkamp home
    four times in 1996 and 1999, records show. Three of the visits came
    after disputes between Heckenkamp and his father over his use of the
    computer.
    
    The Qualcomm story begins in the fall of 1999 when the company's
    security personnel noticed someone was breaking into their system. The
    government charged that Heckenkamp first cracked into a computer at
    the San Diego-based company on Oct. 12 and made a series of hacks on
    Dec. 2 and Dec. 3.
    
    According to court records, the hacker gained access to seven
    different computers at the Fortune 500 company, stashed stolen user
    names and passwords in encrypted files and left software on each
    machine so he could come and go as he pleased.
    
    The intruder obtained what is known as ``root'' authority -- the
    highest level of control of a computer. That authority allowed the
    person to modify files at will.
    
    In a key misstep, the hacker left electronic footprints that allowed
    Kennedy to track him across three computer networks to a cluster of
    UW-Madison computers that handles e-mail for 60,000 people.
    
    Kennedy called the school.
    
    On Dec. 8, 1999, the university's network staff began combing through
    its e-mail server, and just like at Qualcomm, found that someone had
    grabbed user names and passwords and stored them in a file in the
    school's computer.
    
    ``It was very worrisome,'' Jeffrey Savoy told the court in San Diego
    during a hearing in July when the school network investigator
    discovered someone had broken in and obtained root authority.
    
    ``You are allowed to do anything on that machine you want.''
    
    As Savoy rummaged through the file of stolen user names and passwords,
    he recognized the pilfered identities of several university employees
    -- including his own.
    
    PCs tied to the school's network have their own unique address, and in
    a second mistake, the hacker failed to hide his own address, according
    to the government. Savoy, who said under cross-examination that he is
    sometimes called ``007 dotcom,'' was able to trace the address to
    Heckenkamp.
    
    Savoy was familiar with Heckenkamp because in 1997 university
    officials had disciplined the student after an unauthorized break-in
    of a Philadelphia Internet service provider. Savoy also knew that
    Heckenkamp was close to finishing his master's (degree) in computer
    science.
    
    Savoy put a block on Heckenkamp's account so he could not get onto the
    Internet.
    
    With finals approaching, Savoy said he was alarmed that the hacker
    could damage a key part of the school infrastructure.
    
    When he got home that night, Savoy logged on again and discovered that
    whomever was using Heckenkamp's account -- he thought it was
    Heckenkamp -- had switched to another university account -- and was
    back online.
    
    ``I felt a heightened alert (that UW-Madison's computers) could be
    compromised,'' Savoy testified.
    
    ``If the intruder at this point knows that he's being investigated,
    based on my past experiences, they could burn bridges and that could
    entail destroying whole machines to cover their tracks.''
    
    This is when Savoy used his security clearance to peer into the files
    of the computer now in use under the switched account. He found hacker
    tools. Savoy was almost certain he was dealing with Heckenkamp.
    
    The FBI's office in San Diego, meanwhile, was talking to the FBI in
    Madison, and Savoy and the UW-Madison police also were phoning back
    and forth. Savoy and the police decided to go to Heckenkamp's dorm to
    find out whose computer was involved.
    
    Using housing records, they first went to the room assigned to the
    account that had been switched. They woke up the students, examined
    the contents of the computer and concluded it was not involved.
    
    Then they went to Heckenkamp's room. The door was partially open.
    Savoy could see that Heckenkamp's computer was connected to the school
    network. According to court records, Savoy walked in and disconnected
    it from the network.
    
    As they left the room, Heckenkamp walked up. After giving up his
    password, Savoy asked to copy the contents of his hard drive, which
    would tell authorities everything that was on the computer.
    
    Here the testimony differs widely.
    
    Heckenkamp said he did not give permission, but Savoy and several
    police officers testified that he did.
    
    Savoy found the same hacker tools that he had seen previously. Later
    that day, the FBI obtained a search warrant and removed Heckenkamp's
    Compaq Presario and other items, including the book, ``The Hacker
    Crackdown.''
    
    Jennifer Granick, Heckenkamp's attorney and clinical director at the
    Center for Internet and Society at Stanford University, has frequently
    assailed the government's overzealous prosecution of hacker cases.
    
    In this case, she believes that UW-Madison and its police invaded
    Heckenkamp's privacy.
    
    Granick charges that Savoy improperly tapped Heckenkamp's private dorm
    computer from a remote computer and looked through his files.
    
    ``The officers could have simply disconnected the computer from the
    wall, walked out, closed the dorm room and waited for a warrant to
    arrive,'' she said in court documents.
    
    UW-Madison officials have defended Savoy's actions, and Federal Judge
    Napoleon A. Jones Jr., who is presiding over the San Diego case, has
    sided with the government by ruling that the school's searches were
    proper and the evidence against Heckenkamp could be used in the trial.
    
    But the privacy issue is not dead because the judge in San Jose has
    agreed to take it up again.
    
    The government has not publicly detailed Heckenkamp's alleged exploits
    as MagicFX beyond charging that he hacked into a half dozen other
    companies, including eBay Inc. and E(ASTERISK)Trade Inc., over a
    nine-month period.
    
    Kevin Pursglove, a spokesman for eBay, said the company reported a
    March 1999 hack into the company's network by someone purporting to be
    MagicFX.
    
    In 1999, a hacker identifying himself as MagicFX detailed to Forbes
    magazine how he broke into eBay on March 13, 1999 -- Heckenkamp would
    have been 19 -- and briefly took down the company's home page and
    replaced it with a message that read, in part:
    
    ``Proof by MagicFX that you can't always trust people.''
    
    MagicFX told Forbes he hacked eBay because he said he wanted to see
    how large electronic commerce sites work. He also bragged that he had
    broken into other sites, including monicalewinsky.com because he was
    ``anti-Clinton.''
    
    Another curious aspect of Heckenkamp's case is that he was hired at
    Los Alamos while under investigation by the FBI. The federal research
    lab in New Mexico is where atomic weapons were developed and tested
    during World War II.
    
    Heckenkamp was hired in June 2000, about seven months after his dorm
    room was searched. In July, the FBI told Los Alamos officials that
    their new employee was a suspect in a spate of computer hacks.
    
    Heckenkamp was arrested in January of this year in New Mexico while he
    was working at Los Alamos. His job: Find vulnerabilities in the lab's
    computer network.
    
    ``He was good at what he did, obviously,'' spokesman James D.
    Danneskiold said.
    
    While the lab was aware of an FBI investigation, ``an investigation
    does not imply that someone is guilty of any crime,'' Danneskiold
    said.
    
    Heckenkamp was fired after his arrest.
    
    ``Heckenkamp's managers were very careful to make sure he had no
    access to classified data whatsoever,'' Danneskiold said.
    
    Although some of Heckenkamp's supporters say the government has tried
    to settle the case, both the government and his lawyers declined to
    comment on whether a plea bargain was discussed.
    
    Only six hackers are currently serving time in federal prisons,
    according to Kevin Poulsen, a convicted hacker turned journalist who
    reports on computer security issues.
    
    ``It is almost unheard of for a hacker case to go to trial,'' Poulsen
    said.
    
    ``This case, there is no confession. Normally hackers will talk about
    it.''
    
    Heckenkamp grew up in a part of the Town of Lisbon, where farm fields
    mingle with subdivisions.
    
    One of his closest friends is his cousin, Joel Heckenkamp, a student
    at UW-Whitewater, who lived nearby.
    
    Joel Heckenkamp said that his cousin does not fit the model of the
    stereotypical hacker. While not a social gadfly, he did not seem
    overly interested in computers, and he had other interests.
    
    ``We skateboarded and we built our own ramps,'' said Joel Heckenkamp,
    now a college wrestler. ``We camped a lot and would go out into the
    woods near Jerome's house.''
    
    But even before his arrest, computers had gotten Heckenkamp into
    trouble.
    
    Heckenkamp was disciplined by UW-Madison in 1997 -- he would have been
    about 16 -- for an unauthorized break-in to the Philadelphia ISP.
    UW-Madison officials declined to elaborate on the matter.
    
    As a teenager, there were disputes in 1996 and 1999 at home involving
    his computer use -- prompting the visits from the Waukesha County
    Sheriff's Department, records show.
    
    In the last incident, on March 10, 1999 when he was 19, Jerome turned
    over a chair in the living room and knocked a flashlight out of his
    father's hand after Thomas Heckenkamp told his son he did not want him
    to go on the Internet.
    
    Charges of disorderly conduct against Jerome later were dropped.
    
    ``I don't think that it was so much about computers as it was the time
    of the day he was using them,'' said Thomas Heckenkamp, a steadfast
    defender of his son's innocence against the hacker charges.
    
    Jerome Heckenkamp is free on $50,000 bond and now lives in San Jose so
    he can help prepare for his trial. As a condition of his bond,
    Heckenkamp can not use the Internet.
    
    He is doing computer work for a wealthy Californian who put up his
    bail and is teaching at a private school founded by the businessman's
    family. Joel Bumb's family business interests include Bay 101, a San
    Jose gaming club and the San Jose Flea Market. The flea market is
    reputed to be the largest venue of its kind in the country.
    
    Bumb has read many of the documents in the case and is ``completely
    convinced'' of Heckenkamp's innocence, he said in a fax to the
    Milwaukee Journal Sentinel. He said his family and the Heckenkamp
    family were introduced by a mutual friend.
    
    ``After meeting Jerome and becoming acquainted with him, I was taken
    by his unassuming nature.'' Bumb said. ``Jerome mixes youthful
    innocence with a mature view of the situation.''
    
    Now, with his college days behind him, and the specter of to criminal
    trials before him, that ``youthful innocence'' will be put to the
    test.
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Dec 04 2001 - 11:29:37 PST