(Fwd) Hacked
From
"stu" <lsi@space.net.au>
Date
Mon, 4 Oct 1999 22:51:01 +0800
[: hacktivism :]
How an FBI Cybersleuth
Busted a Hacker Ring
By JOHN SIMONS
Staff Reporter of THE WALL STREET JOURNAL
DALLAS -- In a federal courtroom here, Calvin Cantrell stands silently,
broad shoulders slouched. His lawyer reads from a short letter he has
written:
"My parents taught me good ethics, but I have departed from some of
these, lost my way sometimes," the letter states. "I was 25 and living
at home. No job, and no future... . All I ever really wanted was to work
with computers."
Mr. Cantrell certainly did work with computers -- both his own, and,
surreptitiously, those of some of the largest companies in the world. He
was part of a ring of hackers that pleaded guilty here to the most
extensive illegal breach of the nation's telecommunications
infrastructure in high-tech history.
And sitting behind him in court as he was sentenced two weeks ago was
the accountant-turned-detective who caught him: Michael Morris. A decade
earlier, Mr. Morris, bored with accounting work, left a $96,000 job at
Price Waterhouse and enrolled in the FBI academy, at $24,500 a year. Mr.
Cantrell's sentencing was the final act in a five-year drama for Mr.
Morris, and secured his reputation as the FBI's leading computer
gumshoe.
The tale of Mr. Morris and Mr. Cantrell is among the first cops-and-
robber stories of the New Economy, involving, among other things, the
first-ever use of an FBI "data tap." It illustrates how the nation's
law-enforcement agencies are scrambling to reinvent their profession in
a frantic effort to keep pace with brilliant and restless young hackers.
The story also shows that hacking's potential harm is far more ominous
than theft of telephone credit-card numbers. Mr. Cantrell was part of an
eleven-member group dubbed "The Phonemasters" by the FBI. They were all
technically adept twenty-somethings expert at manipulating computers
that route telephone calls.
The hackers had gained access to telephone networks of companies
including AT&T Corp., British Telecommunications Inc., GTE Corp., MCI
WorldCom (then MCI Communications Corp.), Southwestern Bell, and Sprint
Corp. They broke into credit-reporting databases belonging to Equifax
Inc. and TRW Inc. They entered Nexis/Lexis databases and systems of Dun
& Bradstreet, court records show.
The breadth of their monkey-wrenching was staggering; at various times,
they could eavesdrop on phone calls, compromise secure databases, and
redirect communications at will. They had access to portions of the
national power grid, air-traffic-control systems and had hacked their
way into a digital cache of unpublished telephone numbers at the White
House. The FBI alleges, in evidence filed in U.S. District Court for the
Northern District of Texas, that the Phonemasters had even conspired to
break into the FBI's own National Crime Information Center.
Unlike less-polished hackers, they often worked in stealth, and avoided
bragging about their exploits. Their ultimate goal was not just fun, but
profit. Some of the young men, says the FBI, were in the business of
selling the credit reports, criminal records, and other data they
pilfered from databases. Their customers included private investigators,
so-called information brokers and -- by way of middlemen -- the Sicilian
Mafia. According to FBI estimates, the gang accounted for about $1.85
million in business losses.
"They could have -- temporarily at least -- crippled the national phone
network. What scares me the most is that these guys, if they had had a
handler, whether criminal or state-sponsored, could have done a lot of
damage," says Mr. Morris. "They must have felt like cyber-gods."
With the exception of Mr. Cantrell, none of the defendants in the
Phonemasters case would comment on the matter. Others are thought to
remain at large. This is the story of Mr. Cantrell and two accomplices,
largely put together from federal district court records and FBI
interviews.
Mr. Morris first learned of the group in August 1994, when he got a
phone call from a Dallas private investigator, saying Mr. Cantrell had
offered to sell him personal data on anyone he wished. He even offered a
price list: personal credit reports were $75; state motor-vehicle
records, $25; records from the FBI's Crime Information Center, $100. On
the menu for $500: the address or phone number of any
"celebrity/important person."
Mr. Morris immediately opened an investigation. Only 33 years old at the
time, he had taken an annual pay cut to join the FBI just five years
earlier. He had been a tax consultant at Price Waterhouse, and despised
the work. "I was young and making the big bucks, but every morning I
would think 'God, I don't want to go to work.' "
Tall, square-jawed and mustachioed, Mr. Morris began working white-
collar crimes when he arrived at the Dallas FBI field office. He took on
a few hacker cases and realized he liked the challenge. "These guys are
not the kind who'll rob the convenience store then stare right into the
security camera," he says. "Trying to be the Sherlock Holmes of the
Internet is hard when the fingerprints on the window can be so easily
erased."
Mr. Morris convinced the private investigator to meet with Mr. Cantrell
while wearing an audio taping device. After reviewing the tapes, he was
certain that he was onto something big. He applied for and received
court authority to place a digital number recorder on Mr. Cantrell's
phone lines, which would log numbers of all outgoing calls. It showed
that Mr. Cantrell frequently dialed corporate telephone numbers for
AT&T, GTE, MCI, Southwestern Bell and Sprint. Mr. Cantrell had also
placed calls to two unlisted numbers at the White House, which further
piqued Mr. Morris's interest.
So, late that summer, Mr. Morris took an unprecedented step. He began
writing a 40-page letter to the FBI's Washington headquarters, the
Department of Justice and the federal district court in Dallas.
Recording Mr. Cantrell -- now his central suspect -- while on the phone
wasn't sufficient for the job that faced him, he believed. Instead, he
needed new federal powers. He asked for Washington's permission to
intercept the impulses that traveled along Mr. Cantrell's phone line as
he was using his computer and modem.
"It's one of the hardest techniques to get approved, partly because it's
so intrusive," says Mr. Morris, who spent the next month or so
consulting with federal authorities. "The public citizen in me
appreciates that," he says. Still, the long wait was frustrating. "It
took a lot of educating federal attorneys," he says.
Once authorities said yes, Mr. Morris faced another obstacle: The
equipment he needed didn't exist within the FBI. Federal investigators
had experimented with a so-called data-intercept device only once before
in a New York hacker case a year earlier. It had failed miserably.
Mr. Morris and technicians at the FBI's engineering lab in Quantico,
Va., worked together to draft the specifications for the device Mr.
Morris wanted. It would need to do the reverse of what a computer's
modem does. A modem takes digital data from a computer and translates it
to analog signals that can be sent via phone lines. Mr. Morris's device
would intercept the analog signals on Mr. Cantrell's phone line and
convert those impulses back to digital signals so the FBI's computers
could capture and record each of a suspect's keystrokes.
While waiting for the FBI to fit him with the proper gear, Mr. Morris
contacted several of the telephone companies to alert them that they had
been victimized. The reception he got wasn't always warm. "It's kind of
sad. Some of the companies, when you told them they'd had an intrusion,
would actually argue with you," he said.
GTE was an exception. Mr. Morris discovered that Bill Oswald, a GTE
corporate investigator, had opened his own Phonemasters probe. Mr.
Oswald and Mr. Morris began working together and uncovered another of
Mr. Cantrell's schemes: He and some friends had managed to get their
hands on some telephone numbers for FBI field offices. They entered the
telephone system and forwarded some of those FBI telephones to phone-sex
chat lines in Germany, Moldavia and Hong Kong. As a result of the prank,
the FBI was billed for about $200,000 in illegal calls.
Mr. Morris also learned that on Oct. 11, 1994, Mr. Cantrell hacked GTE's
computer telephone "switch" in Monticeto, Calif., created a fake
telephone number and forwarded calls for that number to a sex-chat line
in Germany. The FBI isn't sure how Mr. Cantrell convinced people to call
the number, but court records show that Mr. Cantrell received a payment
of $2,200 from someone in Germany in exchange for generating call
traffic to the phone-sex service.
In early December 1994, Mr. Morris's "analog data intercept device"
finally arrived from the FBI's engineering department. It was a $70,000
prototype which Mr. Morris calls "the magic box."
On Dec. 20, Mr. Morris and other agents opened up their surveillance in
an unheated warehouse with a leaky roof. The location was ideal because
it sat between Mr. Cantrell's home and the nearest telephone central
office. Mr. Morris and nine other agents took turns overseeing the
wiretap and data intercepts. The agents often had to pull a tarp over
their workspace to keep rain from damaging the costly equipment.
As middle-class families go, the Cantrells seem exemplary. Calvin's
father, Roy, was a retired detective who had once been voted "Policeman
of the Year" in Grand Prairie, the suburb west of Dallas where they
live. His mother, Carol, taught Latin and English at Grand Prairie High
School, where Calvin graduated in 1987 with above-average grades. As a
student, he was no recluse. He had a small circle of friends who shared
his love of martial arts, video games, and spy movies. Mr. Cantrell's
longtime friend, Brandon McWhorter, says Calvin was always a fun-loving
guy, but there was one thing about which he was very serious.
"He would always talk to me about religion," says Mr. McWhorter. "He
held very strong religious beliefs."
After high school, Mr. Cantrell continued to live at home while taking
classes at the University of Texas at Arlington and a local community
college.
He held a series of odd jobs and hired himself out as a deejay for
weddings and corporate parties. Mr. Cantrell balanced, school, work,
family and friends even as he began hacking more often. His parents
became suspicious, but said nothing. The family had three phones; Calvin
stayed on his 15 hours a day.
"They'd go in my room and see all the notes and the phone numbers. Even
though they couldn't put it together technically, they knew something
was up," says Mr. Cantrell. "They were kind of in denial... . My parents
were pretty soft."
Mrs. Cantrell says Calvin had been so well behaved that she never
suspected his computer activities were more than fun and games. "I wish
I had known what was going on. Unfortunately, my son was smarter than I
was." (Calvin's father passed away last year.)
At 8:45 on the night of Dec. 21, just four days before Christmas, Mr.
Cantrell went online. Using an ill-gotten password, he entered a Sprint
Corp. computer, where he raided a database, copying more than 850
calling-card access codes and other files, court records in the case
show. The Phonemasters often got passwords and other key information on
companies in a low-tech approach called "Dumpster diving," raiding the
trash bins of area phone firms for old technical manuals, phone
directories and other company papers. This often allowed Mr. Cantrell to
run one of his favorite ruses -- passing himself off as a company
insider.
"I'd call up and say, 'Hi, I'm Bill Edwards with systems
administration.' ... I'd chat with them for a while, then I'd say 'We're
doing some network checkups today. Can you log off of your computer,
then tell me every character you're typing as you log back on?' A lot of
people fell for that," Mr. Cantrell says.
After hacking into the Sprint database that evening, Mr. Cantrell talked
to another hacker, Corey Lindsley, over the phone. He'd "met" Mr.
Lindsley, and another hacker, John Bosanac, in 1993 while surfing the
murky world of hacker bulletin boards. Mr. Cantrell then sent the copied
files to Mr. Lindsley, who was a student at the University of
Pennsylvania in Philadelphia.
Mr. Morris's equipment captured everything -- voice and data. It was an
FBI first. "We're sitting in this place that looked liked a bomb pit,
but the atmosphere was really exciting," says Mr. Morris. "We were
ecstatic."
As the days passed, the FBI wiretap generated stacks upon stacks of
audiotapes and data transcripts. Some was just idle talk among friends,
the occasional call to finalize dinner plans, lots of workaday chatter.
But the incriminating evidence mounted. "It's great, you know. I really
love fraud," joked Mr. Bosanac, a Californian who was musing with Mr.
Cantrell about the various technical methods of using other people's
cellular telephone accounts to place free calls. "Fraud is a beautiful
thing."
Family conversations even entered the investigation. On Jan. 7, for
instance, Mr. Cantrell called his mother from a friend's house and asked
her find an MCI Corp. manual on his shelf. He then asked her to read him
a set of directions for accessing MCI's V-NET computer system. Mrs.
Cantrell read the material but asked her son whether he was supposed to
have the book, citing warnings that stated its contents were restricted
to MCI employees. Mr. Cantrell just avoided his mother's question. The
FBI data-tap captured every word.
Still, the process took its toll on the FBI team, especially coming
during the holidays. "It was stressful that the wiretap was going 24
hours a day, seven days a week. I had to write up the legal documents
and it's tough making people work through Christmas," Mr. Morris said.
On top of that, he had to keep records of his findings, and every ten
days he had to reapply to the court to prove that his wiretap was
yielding evidence.
By late January, the FBI had begun to get a clear profile of Mr.
Cantrell and his hacker friends. Mr. Lindsley, it appeared, was the
group's acerbic leader, directing much of the hacking activity. Over
phone lines, the FBI heard him bragging about how he had given a
Pennsylvania police department "the pager treatment" in retaliation for
a speeding ticket he received. Mr. Lindsley had caused the police
department's telephone number to appear on thousands of pagers across
the country. The resulting flood of incoming calls, Mr. Lindsley
bragged, would surely crash the department's phone system.
They also enjoyed collecting information about film stars, musicians and
other famous people. Mr. Cantrell has admitted that he broke into
President Clinton's mother's telephone billing records in Arkansas to
obtain a list of unpublished White House numbers. The men, says the FBI,
even made harassing phone calls to rock star Courtney Love and former
child actor Danny Bonaduce using pilfered numbers.
They weren't without fear of getting caught. On the evening of Jan. 17,
for instance, there was a clicking on the phone line as Messrs. Bosanac,
Cantrell, and Lindsley shared a three-way conference call. "What the
hell happened?" asked Mr. Bosanac, according to an FBI transcript of the
conversation.
"That was the FBI tapping in," laughed Mr. Cantrell.
"Do you know how ironic that's gonna be when they play those tapes in
court?" Mr. Lindsley said. "When they play that tape in court and they
got you saying it was the FBI tapping in?"
On Jan. 18, the FBI overheard Messrs. Cantrell, Bosanac and Lindsley on
another conference call. With the other two men giving directions, Mr.
Cantrell dialed his computer into Southwestern Bell's network and copied
a database of unlisted phone numbers. The three men then discussed plans
to write a computer program that could automatically download access
codes and calling-card numbers from various telephone systems. They also
talked about the chance that the FBI would one day track them down.
"Just remember, nobody f-- rats anybody out," said Mr. Lindsley to the
others. "No deals."
"Yeah, no deals is right," replied Mr. Bosanac.
"No deals. I'm serious. I don't care what your f-- lawyers tell you,"
said Mr. Lindsley.
Mr. Cantrell said nothing.
Later that morning, between 5:09 a.m. and 7:36 a.m., Mr. Cantrell
entered Sprint's computer system and downloaded about 850 Sprint
calling-card codes. He then transferred those codes to a man in Canada.
The codes would allow anyone who purchased them to place free
international phone calls. Mr. Morris would later learn that a contact
in Canada paid Mr. Cantrell $2 apiece for each code, court records show.
The Phonemasters most likely did not know -- or care -- where the codes
ended up, but the FBI traced them and found some ended up in the hands
of a Sicilian Mafia operative in Switzerland.
On Jan. 23, while probing a U S West telephone database, Mr. Cantrell,
Mr. Bosanac, Mr. Lindsley and others stumbled over a list of telephone
lines that were being monitored by law enforcement. On a lark, they
decided to call one of the people -- a suspected drug dealer, says Mr.
Morris -- and let him know his pager was being traced by the police.
On Jan. 27, the group was clearly feeling paranoia about being caught,
prompting Mr. Lindsley to tell his accomplices to pull as many Sprint
codes as quickly as they could. Mr. Cantrell began to have reservations.
"What if I stopped before all of y'all?" Mr. Cantrell asked Mr.
Lindsley. "Would you applaud my efforts?"
"No," said Mr. Lindsley. "I don't think there's any reason to stop. What
are you worried about?"
"Uh, I'm not worried about anything. I'm just saying, uhm. There might
... There might come a time here where I don't have time for this."
He added a little later: "I, you know, really like it. But, I don't
know, I just ... Eventually, I don't see myself doing a lot of illegal
things."
Mr. Lindsley continued to prod Mr. Cantrell to speed up the download of
stolen codes by spending more time online and using two phones.
"I'm telling you, you run two lines around the clock," Mr. Lindsley
said.
"You can't run them around the clock," said Mr. Cantrell.
"Why not?"
"Oh, come on. I think that's pushing it too hard."
"I think you just got a weak stomach there, boy."
By late February, things began to get tense. One of Mr. Cantrell's
hacker friends informed him that his number had shown up in a database
of phone numbers being monitored by the FBI. In all the excitement of
burglarizing databases and rerouting phone calls, the Phonemasters had
neglected to check their own phone lines for any signs that law
enforcement might be listening in.
Mr. Morris hastily arranged for an FBI raid. On Feb. 22, 1995, agents
raided Mr. Cantrell's home, Mr. Lindsley's college dorm room, and burst
into Mr. Bosanac's bedroom in San Diego.
For Mr. Morris, the climactic raid was only the start of a long battle
to bring the hackers to justice. Because of the complicated nature of
his evidence gathering, it took him more than two years to compile the
most salient portions of the wiretap transcripts and data-tap evidence.
"All the documents and tapes from this case could fill a 20-by-20 room,"
Mr. Morris explains. "And at the time, I was the only computer
investigator for all of Texas."
In the meantime, as federal prosecutors slowly geared up for a trial,
Mr. Cantrell tried to get on with his life. "I spent the first few weeks
after the raid being paranoid and wondering what would happen," he says.
Occasionally, Mr. Morris and other agents would call him, asking
questions about some of the systems he had hacked. By the summer of
1995, at the urging of his mother, Mr. Cantrell started attending church
again. He scored the first in a string of professional computing jobs,
doing systems-administration work for a company called Lee Datamail in
Dallas. He neglected to tell his employers about the FBI case. "It's
been mental torture for the last four years, not knowing," says Mr.
Cantrell. "Can I go to school, move to another state? That kind of thing
messes with your head."
Over time, Mr. Cantrell says he had come to seriously regret what he had
done and the $9,000 he says he made from selling codes wasn't worth the
trouble. "Looking back, it was all crazy. It was an obsession. I wanted
to see how much I could conquer and a little power went to my head." Mr.
Cantrell notes that he has since tried to make amends, even helping the
phone companies plug their security holes and helping the FBI gather
more information on some of the group's members who haven't yet been
apprehended.
The matter finally seemed near conclusion this March when Mr. Morris was
able to play "a couple of choice tapes" in separate meetings with
Messrs. Cantrell, Bosanac and Lindsley. Afterward, all three agreed to
plead guilty to federal charges of one count of theft and possession of
unauthorized calling-card numbers and one count of unauthorized access
to computer systems. Chief Judge Jerry Buchmeyer ordered a presentencing
investigation.
During a hearing on the matter, Mr. Lindsley's attorney tried to argue
that the FBI had wildly overstated the $1.85 million in losses that her
client's hacking had allegedly caused. But in the end, Judge Buchmeyer
rejected the argument and sentenced him to 41 months in prison. Mr.
Bosanac, in the meantime, has asked that his sentencing hearing be moved
to San Diego, where he lives.
As for Mr. Cantrell, Judge Buchmeyer lauded his "acceptance of guilt."
He could have been sentenced to three years in federal prison; instead
he was given two. He reports to federal prison in January of next year.
Mr. Morris, meanwhile, has used his data-tap method in several other
cases; he also travels around the country and the world advising law-
enforcement agencies on how to conduct state-of-the-art investigations
of hacker crimes.
----------------------------------------
. ^ Stuart Udall
.~X\ s_udall@yahoo.com
.~ \ http://members.xoom.com/loosekrew/
Merry Krishnas! .. are quite raucous
[: hacktivism :]
[: for unsubscribe instructions or list info consult the list FAQ :]
[: http://hacktivism.tao.ca/ :]