A now alerted and considerably paranoid BellSouth began searching switches right and left for signs of impropriety, in that hot summer of 1989. No fewer than forty-two BellSouth employees were put on 12-hour shifts, twenty-four hours a day, for two solid months, poring over records and monitoring computers for any sign of phony access. These forty-two overworked experts were known as BellSouth's "Intrusion Task Force."
What the investigators found astounded them. Proprietary telco databases had been manipulated: phone numbers had been created out of thin air, with no users' names and no addresses. And perhaps worst of all, no charges and no records of use. The new digital ReMOB (Remote Observation) diagnostic feature had been extensively tampered with -- hackers had learned to reprogram ReMOB software, so that they could listen in on any switch-routed call at their leisure! They were using telco property to *spy!*
The electrifying news went out throughout law enforcement in 1989. It had never really occurred to anyone at BellSouth that their prized and brand-new digital switching-stations could be *re-programmed.* People seemed utterly amazed that anyone could have the nerve. Of course these switching stations were "computers," and everybody knew hackers liked to "break into computers:" but telephone people's computers were *different* from normal people's computers.
The exact reason *why* these computers were "different" was rather ill-defined. It certainly wasn't the extent of their security. The security on these BellSouth computers was lousy; the AIMSX computers, for instance, didn't even have passwords. But there was no question that BellSouth strongly *felt* that their computers were very different indeed. And if there were some criminals out there who had not gotten that message, BellSouth was determined to see that message taught.
After all, a 5ESS switching station was no mere bookkeeping system for some local chain of florists. Public service depended on these stations. Public *safety* depended on these stations.
And hackers, lurking in there call-forwarding or ReMobbing, could spy on anybody in the local area! They could spy on telco officials! They could spy on police stations! They could spy on local offices of the Secret Service....
In 1989, electronic cops and hacker-trackers began using scrambler-phones and secured lines. It only made sense. There was no telling who was into those systems. Whoever they were, they sounded scary. This was some new level of antisocial daring. Could be West German hackers, in the pay of the KGB. That too had seemed a weird and farfetched notion, until Clifford Stoll had poked and prodded a sluggish Washington law-enforcement bureaucracy into investigating a computer intrusion that turned out to be exactly that -- *hackers, in the pay of the KGB!* Stoll, the systems manager for an Internet lab in Berkeley California, had ended up on the front page of the *New York Times,* proclaimed a national hero in the first true story of international computer espionage. Stoll's counterspy efforts, which he related in a bestselling book, *The Cuckoo's Egg,* in 1989, had established the credibility of 'hacking' as a possible threat to national security. The United States Secret Service doesn't mess around when it suspects a possible action by a foreign intelligence apparat.
The Secret Service scrambler-phones and secured lines put a tremendous kink in law enforcement's ability to operate freely; to get the word out, cooperate, prevent misunderstandings. Nevertheless, 1989 scarcely seemed the time for half-measures. If the police and Secret Service themselves were not operationally secure, then how could they reasonably demand measures of security from private enterprise? At least, the inconvenience made people aware of the seriousness of the threat. If there was a final spur needed to get the police off the dime, it came in the realization that the emergency 911 system was vulnerable. The 911 system has its own specialized software, but it is run on the same digital switching systems as the rest of the telephone network. 911 is not physically different from normal telephony. But it is certainly culturally different, because this is the area of telephonic cyberspace reserved for the police and emergency services. Your average policeman may not know much about hackers or phone-phreaks. Computer people are weird; even computer *cops* are rather weird; the stuff they do is hard to figure out. But a threat to the 911 system is anything but an abstract threat. If the 911 system goes, people can die.
Imagine being in a car-wreck, staggering to a phone- booth, punching 911 and hearing "Tina" pick up the phone-sex line somewhere in New York! The situation's no longer comical, somehow.
And was it possible? No question. Hackers had attacked 911 systems before. Phreaks can max-out 911 systems just by siccing a bunch of computer-modems on them in tandem, dialling them over and over until they clog. That's very crude and low-tech, but it's still a serious business.
The time had come for action. It was time to take stern measures with the underground. It was time to start picking up the dropped threads, the loose edges, the bits of braggadocio here and there; it was time to get on the stick and start putting serious casework together. Hackers weren't "invisible." They *thought* they were invisible; but the truth was, they had just been tolerated too long.
Under sustained police attention in the summer of '89, the digital underground began to unravel as never before.
The first big break in the case came very early on: July 1989, the following month. The perpetrator of the "Tina" switch was caught, and confessed. His name was "Fry Guy," a 16-year-old in Indiana. Fry Guy had been a very wicked young man.
Fry Guy had earned his handle from a stunt involving French fries. Fry Guy had filched the log-in of a local MacDonald's manager and had logged-on to the MacDonald's mainframe on the Sprint Telenet system. Posing as the manager, Fry Guy had altered MacDonald's records, and given some teenage hamburger-flipping friends of his, generous raises. He had not been caught.
Emboldened by success, Fry Guy moved on to credit- card abuse. Fry Guy was quite an accomplished talker; with a gift for "social engineering." If you can do "social engineering" -- fast-talk, fake-outs, impersonation, conning, scamming -- then card abuse comes easy. (Getting away with it in the long run is another question). Fry Guy had run across "Urvile" of the Legion of Doom on the ALTOS Chat board in Bonn, Germany. ALTOS Chat was a sophisticated board, accessible through globe-spanning computer networks like BITnet, Tymnet, and Telenet. ALTOS was much frequented by members of Germany's Chaos Computer Club. Two Chaos hackers who hung out on ALTOS, "Jaeger" and "Pengo," had been the central villains of Clifford Stoll's CUCKOO'S EGG case: consorting in East Berlin with a spymaster from the KGB, and breaking into American computers for hire, through the Internet. When LoD members learned the story of Jaeger's depredations from Stoll's book, they were rather less than impressed, technically speaking. On LoD's own favorite board of the moment, "Black Ice," LoD members bragged that they themselves could have done all the Chaos break- ins in a week flat! Nevertheless, LoD were grudgingly impressed by the Chaos rep, the sheer hairy-eyed daring of hash-smoking anarchist hackers who had rubbed shoulders with the fearsome big-boys of international Communist espionage. LoD members sometimes traded bits of knowledge with friendly German hackers on ALTOS -- phone numbers for vulnerable VAX/VMS computers in Georgia, for instance. Dutch and British phone phreaks, and the Australian clique of "Phoenix," "Nom," and "Electron," were ALTOS regulars, too. In underground circles, to hang out on ALTOS was considered the sign of an elite dude, a sophisticated hacker of the international digital jet-set.