Noted & Notorious Hacker Feats

Hackerdom is divided into two parts: technologically adept and clever people, who could write a computer game in a night, and, sadly, irresponsible slimeballs, who hijack computer and phone systems for the heck of it. Here is a look at some of the amazing stunts that have been pulled by both hackers and crackers.


When Kevin D. Mitnick was finally bagged by the FBI on February 15, 1995, in Raleigh, North Carolina, he had been on the lam since 1992 from a three-year probation--part of his sentence from a 1989 conviction for stealing software from DEC. This accomplishment made him the first person convicted under a law against gaining access to an interstate computer network for criminal purposes. Mitnick also did a year in the slammer for that one. Physicist and computer security expert Tsutomu Shimomura assisted authorities in tracking Mitnick down this time, after Mitnick invaded Shimomura's own computer during an assault on San Diego Supercomputer Center systems. If the latest allegations stick, Mitnick faces a somewhat more stable future of up to 35 years in prison and $500,000 in fines.

Besides stealing DEC's VMS OS -- valued by DEC at a million dollars -- and necessitating some 18 months and $160,000 on DEC's part to defend its compromised computers and track him down, other alleged feats on Mitnick's resume include breaking into a California motor vehicles database, lifting 20,000 credit card account numbers from an on-line service, gaining control of New York and California telephone switching hubs via modem, eavesdropping on phone calls, mutating basic home telephones into quarter-demanding pay phones, and stashing data he filched from other networks in files of the California-based Well on-line service.

In addition to typing skills, Mitnick apparently has a knack for keeping a step ahead of pursuers by perusing their plans on their own E-mail systems, scanning police bands for mentions of his whereabouts, and using cellular phones. Mitnick has an interesting system for getting systems administrators to bestow upon him network access codes, passwords, and privileged status for accounts he controls--the keys to their computer kingdoms: He asks them to, disguising his true identity and offering some plausible tale. During his stays in jail, he is routinely forbidden to dial telephone numbers himself lest he wreak some phone-phreaking black magic havoc. He has denied ever cracking the NORAD (North American Air Defense) Command computer, a rumored exploit that supposedly inspired the movie War Games.


At 8 p.m. on November 2, 1988, 22-year-old Cornell University graduate student Robert Tappan Morris launched a worm program that he had written from an MIT account. Imagine his surprise upon learning that his worm -- designed specifically to traverse the Internet autonomously, finesse Unix loopholes he had laboriously researched, exploit the eccentricities of sendmail, scan lists of addresses for weak links, fool investigators into thinking it came from Berkeley, guess at passwords using a list of hundreds of common ones, and duplicate itself ceaselessly -- was causing trouble on the network.

This computer cancer multiplied exponentially, filling up memories, stuffing disk drives, and consuming execution resources until machines began crashing one after another. Within hours, more than 6000 computer systems -- fully one-tenth of the Internet -- had been brought to their knees, affecting businesses, universities, the federal government, NASA, and the Air Force. Days of round-the-clock work were required to purge the infection from the systems and remedy the injury that had been done. Workers and researchers lost days of active computer time. A new government team of experts, CERT (Computer Emergency Response Team), was organized specifically to deal with any future incidents like the Morris worm.

Because he had discussed his worm-to-be with friends for weeks before launch day, it did not take authorities long to put two and two together and zero in on Morris. One of the first to be tried and convicted under the Computer Fraud and Abuse Act of 1986, Morris faced possible sentences of up to five years in prison and $250,000 in fines but received a slap on the wrist: only three years of probation, 400 hours of community service, and a $10,000 fine. It was pointed out by his defense that the worm did not actually delete or modify any files--small comfort to those who had to deal with the mess and whose cost estimates ranged from a modest $15 million to over $100 million. Morris said he meant no harm.


Robert Morris, Sr., Robert T. Morris's father and by odd coincidence a computer security expert with the National Security Agency, used to vie with rival Ken Thompson, one of the inventors of Unix, when both worked for Bell Labs. Legend has it that Morris, Sr., once typed two specific characters into a terminal and brought down one of the first versions of Multics. Deja vu.


Clifford Stoll, by training an astronomer, by occupation a systems administrator at Lawrence Berkeley Laboratory, was investigating a 75-cent discrepancy in a supposedly defunct computer account that seemed to have been commandeered by an unauthorized user. The intruder was giving himself system privileges and creating accounts with names like Hunter, Jaeger, Benson, and Hedges. Although Stoll could have simply changed passwords, reassigned privileges, and so forth -- effectively slamming the door on the intruder -- he chose instead to monitor the intruder's on-line activity in the system. What the intruder was doing was using the LBL computers as a jumping-off point into the Arpanet, and then the Milnet (an unclassified military network), and thence to various Department of Defense computers on bases nationwide. From the files being examined, it was clear that the intruder was looking for secret American military information. Stoll was on the trail of a hacker spy.

The investigation took months, then years. By rigging connections that would page him whenever the intruder struck, Stoll was able to trace the connection back from LBL to a Tymnet node in McLean, Virginia, then to a bank of modems at Mitre Corp., and finally to West Germany. Stoll's girlfriend suggested using fake files as bait, a successful ruse that got the intruder to request defense information by mail, giving a name and address of one affiliate of the intruder. At that point, local police, the FBI, and the CIA became involved.

The intruder, it turned out, was one of a group of young German men hoping to get rich quick by peddling stolen software and information to the Soviet KGB. They began by selling stolen DEC software, then pilfered nonvital defense-related documents, and ended by selling each other down the river. Of the group, Karl Koch (aka Hagbard Celine, a fictional character that is, by contrast, a hero) committed suicide or was murdered -- no one ever determined which; Hans Huebner (aka Pengo, a penguin in a computer game) had all charges dropped due to his tender years; Dirk-Otto Brzezinski (or Dob) received a 14-month sentence and a $2500 fine; Peter Carl received a two-year sentence and a $1500 fine; and Markus Hess (the actual intruder with a penchant for certain brands of cigarettes) received a 20-month sentence and a $5000 fine. None of the defendants served any time. Stoll testified at the trial and later wrote a book about his experience, The Cuckoo's Egg (Doubleday, 1989).


It's not often that one programmer gets to define an entire genre of software, but Philip Zimmerman has done it. His PGP (Pretty Good Privacy) is a freeware program that uses RSA (Rivest-Shamir-Adleman) -style public-key encryption algorithms to create secure encrypted versions of sensitive documents that can be sent over the Internet as E-mail without fear of compromise. The intended recipient then uses his or her code to decrypt the document. The security of the algorithm is based on the computational difficulty of finding the prime factors (the "keys" to the code) of very large numbers.

Because the U.S. does not allow cryptographic hardware and software to be exported -- even when, as here, the essence of the algorithm is mathematical theory that anyone can learn -- Zimmerman has had a number of encounters with police types since PGP's debut in 1990. It seems strange that a democratic government would find itself among those opposing privacy, but computers make strange bedfellows.


In 1977, Ronald Rivest, Adi Shamir, and Leonard Adleman (the RSA of RSA public-key encryption) created a short message with their code and challenged all comers to crack it. Arjen K. Lenstra, a scientist at Bellcore (Bell Communications Research), took up the gauntlet in 1993 and in May 1994 announced that RSA-129 (so-called because its public key is 129 digits -- 429 bits -- long) had been cracked. RSA had to pony up $100, the reward offered for the feat.

The eight-month effort was no mere computer program. The complexity of finding the prime factors of large numbers required the organization of a "metacomputer": a loose confederation of many computers, each working on a piece of the problem. This particular project involved the spare execution cycles of some 1600 PCs and workstations and 600 teammates scattered along the Internet all over the country.

Not to worry about possible threats to security as a result of this particular code-cracking. First it's unlikely that such eight-month/1600-computer projects would go unnoticed. And second, actual real-life encryption uses keys 512 to 1024 -- or more -- bits long. A 1024-bit RSA key would require 3 x 10(11) MIPS-years to crack.

So, what did the decoded message say? "The magic words are squeamish ossifrage." Shoulda guessed.


In 1994, an unknown temporary worker at British Telecom used his boss's passwords, conveniently taped to the side of his computer monitor, to ferret out the secret not-published-in-any-directory phone numbers of Her Royal Majesty the queen, Prime Minister John Major, and several top-secret MI5 installations, among others. Freelance Scottish journalist Steve Fleming saw a scoop and sold the tale to The Independent. In the meantime, the list of phone numbers was also posted on the Internet before it was yanked by investigating officials. Then, the unknown temp turned out to be -- Steve Fleming. No one knows how many unexpected phone calls Her Majesty has had to field.


The many achievements of Sun Microsystems cofounder Bill Joy are legendary, and anyone would garner Joy a bust in the Unix wing of the Hacker Hall of Fame (to be constructed). In 1975, Joy became a Ph.D. student at UC Berkeley. Captivated by Unix, but unhappy with the ed line editor, he took the code for the em ("editor for mortals") editor (supplied by developer George Coulouris) and in a week produced most of the ex editor. In 1976, Joy wrote an improved Pascal compiler for Unix that became a standard Pascal programming tool. In 1978, he produced the first BSD (Berkeley Software Distribution) of utilities and began distributing BSD on tape. That same year, he created the vi editor and distributed the 2BSD (Second Berkeley Software Distribution). The 3BSD was a complete bootable system. In the early 1980s, Joy took the nascent TCP/IP and in a few weeks was running it satisfactorily between test machines. In one night, he wrote the utilities rcp, rlogin, and rsh for temporary use: They're still going. Joy also created the C shell for BSD, and it was subsequently adopted in AT&T's own Unix System V release 4.0. No one person has done for Unix what Joy has.


The self-styled LOD (Legion of Doom) was basically a bunch of fun-loving guys (fun here having the special meaning seizing control of telephone lines and switching equipment, eavesdropping on private phone conversations, unauthorized logging on to phone company computers, messing up telephone billing information, and helping others to do the same). Naturally, the pursuit of such a unique variety of fun requires some pretty specialized know-how, such as BellSouth's internal technical specifications for the 911 emergency telephone network. In 1990, the boys from LOD's Georgia franchise managed to overcome their ingrained bourgeois notions of personal property, purloined a copy, and were caught. The value of the document in question ranged from $20 to $24,639 to $70,000, with value definitely being in the eye of the beholder. BellSouth also maintained that the LODsters had lifted log-ins, passwords, and connect addresses with a value of $233,800 and that it had spent $1.5 million in fingering them and a further $3 million defending the company from them. Convicted defendants Franklin E. Darden, Jr., Adam E. Grant, and Robert J. Riggs were given sentences of 14 months, 14 months, and 21 months, respectively, and ordered to pay restitution of $233,000 to BellSouth. Life isn't always fair.


In contrast to the LOD (characterized by some as well-off, racist white guys), the MOD (Masters of Deception, whose initials were deliberately chosen to be one up on LOD) was a posse of multiethnic teenagers mainly in working-class Brooklyn and Queens. Their definition of fun was eerily similar, however, perhaps a tribute to the social empowerment possible with computers. This gang was adept at invading the systems and networks of powerful entities, including AT&T, Bank of America, TRW, and the National Security Agency, displaying a mastery of telephone, network, Unix, and VAX arcana to rival the experts in the invadees mentioned but using only the most basic equipment (like a Commodore 64). Besides the usual telephone-torturing shenanigans, the MODers could also access and circulate supposedly private credit reports. The MODs and the LODs were constantly staging skirmishes against each other, mainly in the form of bizarre phone pranks that caused great collateral damage to the phone service of innocent bystanders.

In 1991, investigators from a number of agencies, including New York Telephone's investigative unit, the FBI, and the Secret Service, used the first wiretaps ever in a hacker case to unmask the MODs. Members included Messrs. Mark Abene (Phiber Optik), Julio Fernandez (Outlaw), Eli Ladopoulos (Acid Phreak), John Lee (Corrupt), and Paul Stira (Scorpion). In 1993, Abene received a one-year sentence, while Ladopoulos and Stira each received six-month sentences, plus probation and community service time. Because they were teenagers at the time of the acts for which they were convicted, and because their subsequent behavior has been good, observers expressed regret at the sentences.


Besides everything else he did to help get the first Macintosh out the door, Andy Hertzfeld wrote all the first desk accessories. Most of these were written in assembly. However, to show that desk accessories could also be written in higher-level languages, Hertzfeld wrote a demonstration puzzle game desk accessory in Pascal. Like its plastic counterparts, users moved squares around until the numbers 1 to 9 were in order. As time began to get short, the decision was made that the puzzle, at 7 KB, was too big (and too game-like) to ship with the first Macintosh. In a single weekend, Hertzfeld rewrote the program to take up only 800 bytes. The puzzle shipped with the Mac.


Quick, look at the beginning of any EXE program that runs on DOS, Windows, NT, or OS/2. Although you may never have noticed it before, they all start with the two ASCII characters MZ. Why MZ? Those are the initials of Microsoft programmer Mark Zbikowski, who has thereby achieved a kind of immortality (as long as people are running DOS-compatible programs).


Using the computer system at Florida State University as a stepping-stone to the Internet, software pirates in 1994 illegally uploaded IBM's OS/2, Microsoft Windows 95 beta, and other commercial programs to an area where anyone on the Internet could snag them for nothing. As a result, the Windows 95 beta is currently one of the most pirated and most posted programs on the Internet.


It sounds like a strange adventure game. You have six months until your company ships its revolutionary new computer and millions of people will turn it on and see -- what? Well, that was the problem haunting Steve Capps and Bruce Horn in the summer of 1983. With the Mac's announcement scheduled for January 1984, they had to code what would come to be known as the Mac Finder -- the file-manipulation and application interface that "knowledge workers" would be looking at and using day in and day out. Despite what you've heard about Apple simply lifting the Xerox Star's interface, every detail of the Mac's interface was discussed, experimented with, and agonized over for months. Some aspects were inherited from Apple's failing Lisa. Steve Jobs offered suggestions and vetoes. Designer Susan Kare took care of the aesthetics. The result was an interface people still point to as the way to do it right. And it ran in 50 KB.


In 1978, Harvard Business School graduate student Dan Bricklin had an idea for a kind of electronic blackboard that would automatically do calculations. His "visible calculator" became VisiCalc a year later, developed with Bob Frankston and published by Personal Software. The first electronic spreadsheet, VisiCalc appeared first for the Apple II computer--its 32-KB total size fitting comfortably into the Apple II's maximum of 48 KB of memory. Every spreadsheet since has duplicated features that VisiCalc premiered: automatic recalculation, labeled rows and columns, built-in math and business functions, and the ability to change parameters to do what-if analysis. Its under-200-page manual is in marked contrast to the multivolume bricks for today's spreadsheets.


In 1979, while hoosegowed in Pennsylvania's Northampton State Prison for offenses of the phone-phreaking kind, John Draper (aka Cap'n Crunch, after a brand of cereal whose free toy whistle's pitch could switch phone lines so phreaking might begin) wrote the word processing program Easy Writer on a computer provided as part of his rehabilitation program.


Bulgaria's otherwise-unknown Dark Avenger creates and unleashes a plethora of computer viruses all over the world. He has also produced a virus-making toolkit to make it easier for like-minded misanthropes to foul up the computers of total strangers. Romantic enough to name a virus after the American virus researcher Sara Gordon, who reputedly interviewed him, his main satisfaction seems to come from causing misery to millions of computer users the world over. What's he avenging? Who knows?


NASA astronaut Richard J. Hieb assisted in the dramatic rescue of the off-course $150 million Intelsat IV satellite in May 1992. Maneuvering the space shuttle (Endeavour, in this case) to rendezvous with another object in space is a surprisingly complex chore, rendered more difficult by traditional radar technology's inability to accurately measure the distance and relative speed of objects that get that close and move that slowly relative to each other. Luckily, on this rescue mission, they were employing a new laser-assisted system with software written by Hieb himself.

Hieb began writing his Payload Bay program (in C) in the early 1980s on his home computer. When he actually used it, he was quite far from home, running Payload Bay on one of NASA's Grid laptops. The OS? Plain old down-to-earth DOS.


When a Chicago-area real estate company started having trouble with its telephone voice-mail system in 1989, it had unwittingly exposed the tip of a nationwide criminal iceberg. Intruders were breaking into voice-mail systems, creating their own voice-mail accounts with which to barter stolen credit card numbers, changing passwords to lock out the legitimate users and administrators, and then using the systems to dial out again -- toll free. They would use the stolen credit card numbers to buy Western Union money orders that their leader eventually turned into cash, kicking back a percentage to over 150 accomplices nationwide. They would also crack corporate PBX codes, enabling them to make unlimited, free long-distance calls. Hundreds of long-distance calls for hundreds of thousands of dollars were billed to the helpless voice-mail and PBX owners. The criminal ring stole over $9000 in charged merchandise, $1000 in money orders, $30,000 in voice-mail service, $250,000 in telephone service, and $1.2 million in PBX long-distance telephone service.

Who was the apparent mastermind of this scheme? Agents found over 150 telephone credit card numbers, over 250 bank credit card numbers, and dozens of PBX "extender" codes in the possession of a 35-year-old Chicago mother of two, Leslie Lynn Doucette (Kyrie). She was sentenced to a 27-month prison term in 1990.


Steve Wozniak began designing a computer partly because he didn't have enough money to buy one. The results were the Apple I and Apple II computers. Wozniak also wanted to build the kind of computer he wanted to use. At the time, many computers relied on cassette tapes to save and distribute programs and data. Wozniak designed a 5-1/4-inch disk drive system for the Apple II, reckoning -- correctly -- that disks would become a tad more popular than cassettes. Unlike other disk drive systems -- IBM's comes to mind -- that were based on a conglomeration of electronics and mechanical components, Wozniak's system was based completely on software control of the drive. As a result, Apple II drives had the flexibility to read and format a variety of disks -- hard-sectored, soft-sectored, or whatever -- without hard-wired preset settings. The software implementation also meant that expensive and complex interface boards were not necessary, making the Apple drives simpler and cheaper.

The Apple II had rudimentary sound but composite video and a simple and compact layout. Wozniak made sure the Apple II had expansion slots in the motherboard to allow simpler upgrading (like Microsoft's CP/M emulation board to run WordStar), a feature IBM later included in the first IBM PC. Wozniak also became a master of the MOS Technology 6502 chip, not because it was a more capable microprocessor than Motorola's 6800 or Intel's 8080, but because it was cheaper -- an important consideration whenever starting a multibillion-dollar industry from a garage.