noise. A hacker might be reading a message on PI, and there, in the
middle of some juicy technical titbit, would be a bit of crud--random
characters `2'28 v'1';D>nj4'--followed by the comment, `Line noise.
Damn Telescum! At their best as usual, I see'. Sometimes the line
noise was so bad it logged the hacker off, thus forcing him to spend
another 45 minutes attack dialling the BBS. The modems didn't have
error correction, and the faster the modem speed, the worse the impact
of line noise. Often it became a race to read mail and post messages
before Telecom's line noise logged the hacker off.
Rumours flew through the underground again and again that Telecom was
trying to bring in timed local calls. The volume of outrage was
deafening. The BBS community believed it really irked the national
carrier that people could spend an hour logged into a BBS for the cost
of one local phone call. Even more heinous, other rumours abounded
that Telecom had forced at least one BBS to limit each incoming call
to under half an hour. Hence Telecom's other nickname in the computer
underground: Teleprofit.
To the BBS community, Telecom's Protective Services Unit was the
enemy. They were the electronic police. The underground saw Protective
Services as `the enforcers'--an all-powerful government force which
could raid your house, tap your phone line and seize your computer
equipment at any time. The ultimate reason to hate Telecom.
There was such hatred of Telecom that people in the computer
underground routinely discussed ways of sabotaging the carrier. Some
people talked of sending 240 volts of electricity down the telephone
line--an act which would blow up bits of the telephone exchange along
with any line technicians who happened to be working on the cable at
the time. Telecom had protective fuses which stopped electrical surges
on the line, but BBS hackers had reportedly developed circuit plans
which would allow high-frequency voltages to bypass them. Other
members of the underground considered what sweet justice it would be
to set fire to all the cables outside a particular Telecom exchange
which had an easily accessible cable entrance duct.
It was against this backdrop that the underground began to shift into
phreaking. Phreaking is loosely defined as hacking the telephone
system. It is a very loose definition. Some people believe phreaking
includes stealing a credit card number and using it to make a
long-distance call for free. Purists shun this definition. To them,
using a stolen credit card is not phreaking, it is carding. They argue
that phreaking demands a reasonable level of technical skill and
involves manipulation of a telephone exchange. This manipulation may
manifest itself as using computers or electrical circuits to generate
special tones or modify the voltage of a phone line. The manipulation
changes how the telephone exchange views a particular telephone
line. The result: a free and hopefully untraceable call. The purist
hacker sees phreaking more as a way of eluding telephone traces than of
calling his or her friends around the world for free.
The first transition into phreaking and eventually carding happened
over a period of about six months in 1988. Early hackers on PI and Zen
relied primarily on dial-outs, like those at Melbourne University or
Telecom's Clayton office, to bounce around international computer
sites. They also used X.25 dial-outs in other countries--the US,
Sweden and Germany--to make another leap in their international
journeys.
Gradually, the people running these dial-out lines wised up. Dial-outs
started drying up. Passwords were changed. Facilities were cancelled.
But the hackers didn't want to give up access to overseas systems.
They'd had their first taste of international calling and they wanted
more. There was a big shiny electronic world to explore out there.
They began trying different methods of getting where they wanted to
go. And so the Melbourne underground moved into phreaking.
Phreakers swarmed to PABXes like bees to honey. A PABX, a private
automatic branch exchange, works like a mini-Telecom telephone
exchange. Using a PABX, the employee of a large company could dial
another employee in-house without incurring the cost of a local
telephone call. If the employee was, for example, staying in a hotel
out of town, the company might ask him to make all his calls through
the company's PABX to avoid paying extortionate hotel long-distance
rates. If the employee was in Brisbane on business, he could dial a
Brisbane number which might route him via the company's PABX to
Sydney. From there, he might dial out to Rome or London, and the
charge would be billed directly to the company. What worked for an
employee also worked for a phreaker.
A phreaker dialling into the PABX would generally need to either know
or guess the password allowing him to dial out again. Often, the
phreaker was greeted by an automated message asking for the employee's
telephone extension--which also served as the password. Well, that was
easy enough. The phreaker simply tried a series of numbers until he
found one which actually worked.
Occasionally, a PABX system didn't even have passwords. The managers
of the PABX figured that keeping the phone number secret was good
enough security. Sometimes phreakers made free calls out of PABXes
simply by exploited security flaws in a particular model or brand of
PABX. A series of specific key presses allowed the phreaker to get in
without knowing a password, an employee's name, or even the name of
the company for that matter.
As a fashionable pastime on BBSes, phreaking began to surpass hacking.
PI established a private phreaking section. For a while, it became
almost old hat to call yourself a hacker. Phreaking was forging the
path forward.
Somewhere in this transition, the Phreakers Five sprung to life. A
group of five hackers-turned-phreakers gathered in an exclusive group
on PI. Tales of their late-night podding adventures leaked into the
other areas of the BBS and made would-be phreakers green with
jealousy.
First, the phreakers would scout out a telephone pod--the grey steel,
rounded box perched nondescriptly on most streets. Ideally, the chosen
pod would be by a park or some other public area likely to be deserted
at night. Pods directly in front of suburban houses were a bit
risky--the house might contain a nosy little old lady with a penchant
for calling the local police if anything looked suspicious. And what
she would see, if she peered out from behind her lace curtains, was a
small tornado of action.
One of the five would leap from the van and open the pod with a key
begged, borrowed or stolen from a Telecom technician. The keys seemed
easy enough to obtain. The BBSes message boards were rife with gleeful
tales of valuable Telecom equipment, such as 500 metres of cable or a
pod key, procured off a visiting Telecom repairman either through
legitimate means or in exchange for a six-pack of beer.
The designated phreaker would poke inside the pod until he found
someone else's phone line. He'd strip back the cable, whack on a pair
of alligator clips and, if he wanted to make a voice call, run it to a
linesman's handset also borrowed, bought or stolen from Telecom. If he
wanted to call another computer instead of talking voice, he would
need to extend the phone line back to the phreakers' car. This is
where the 500 metres of Telecom cable came in handy. A long cable
meant the car, containing five anxious, whispering young men and a
veritable junkyard of equipment, would not have to sit next to the pod
for hours on end. That sort of scene might look a little suspicious to
a local resident out walking his or her dog late one night.
The phreaker ran the cable down the street and, if possible, around
the corner. He pulled it into the car and attached it to the waiting
computer modem. At least one of the five was proficient enough with
electronics hardware to have rigged up the computer and modem to the
car battery. The Phreaker's Five could now call any computer without
being traced or billed. The phone call charges would appear at the end
of a local resident's phone bill. Telecom did not itemise residential
telephone bills at the time. True, it was a major drama to zoom around
suburban streets in the middle of the night with computers, alligator
clips and battery adaptors in tow, but that didn't matter so much. In
fact, the thrill of such a cloak-and-dagger operation was as good as
the actual hacking itself. It was illicit. In the phreakers' own eyes,
it was clever. And therefore it was fun.
Craig Bowen didn't think much of the Phreakers Five's style of
phreaking. In fact, the whole growth of phreaking as a pastime
depressed him a bit. He believed it just didn't require the technical
skills of proper hacking. Hacking was, in his view, about the
exploration of a brave new world of computers. Phreaking was, well, a
bit beneath a good hacker. Somehow it demeaned the task at hand.
Still, he could see how in some cases it was necessary in order to
continue hacking. Most people in the underground developed some basic
skills in phreaking, though people like Bowen always viewed it more as
a means to an end--just a way of getting from computer A to computer
B, nothing more. Nonetheless, he allowed phreaking discussion areas in
the private sections of PI.
What he refused to allow was discussion areas around credit card
fraud. Carding was anathema to Bowen and he watched with alarm as some
members of the underground began to shift from phreaking into carding.
Like the transition into phreaking, the move into carding was a
logical progression. It occurred over a period of perhaps six months
in 1988 and was as obvious as a group of giggling schoolgirls.
Many phreakers saw it simply as another type of phreaking. In fact it
was a lot less hassle than manipulating some company's PABX. Instead,
you just call up an operator, give him some stranger's credit card
number to pay for the call, and you were on your way. Of course, the
credit cards had a broader range of uses than the PABXes. The advent
of carding meant you could telephone your friends in the US or UK and
have a long voice conference call with all of them
simultaneously--something which could be a lot tougher to arrange on a
PABX. There were other benefits. You could actually charge things with
that credit card. As in goods. Mail order goods.
One member of the underground who used the handle Ivan Trotsky,
allegedly ordered $50000 worth of goods, including a jet ski, from the
US on a stolen card, only to leave it sitting on the Australian docks.
The Customs guys don't tend to take stolen credit cards for duty
payments. In another instance, Trotsky was allegedly more successful.
A try-hard hacker who kept pictures of Karl Marx and Lenin taped to
the side of his computer terminal, Trotsky regularly spewed communist
doctrine across the underground. A self-contained paradox, he spent
his time attending Communist Party of Australia meetings and duck
shoots. According to one hacker, Trotsky's particular contribution to
the overthrow of the capitalist order was the arrangement of a
shipment of expensive modems from the US using stolen credit cards. He
was rumoured to have made a tidy profit by selling the modems in the
computer community for about $200 each. Apparently, being part of the
communist revolution gave him all sorts of ready-made
rationalisations. Membership has its advantages.
To Bowen, carding was little more than theft. Hacking may have been a
moral issue, but in early 1988 in Australia it was not yet much of a
legal one. Carding was by contrast both a moral and a legal issue.
Bowen recognised that some people viewed hacking as a type of
theft--stealing someone else's computer resources--but the argument
was ambiguous. What if no-one needed those resources at 2 a.m. on a
given night? It might be seen more as `borrowing' an under-used asset,
since the hacker had not permanently appropriated any property. Not so
for carding.
What made carding even less noble was that it required the technical
skill of a wind-up toy. Not only was it beneath most good hackers, it
attracted the wrong sort of people into the hacking scene. People who
had little or no respect for the early Australian underground's golden
rules of hacking: don't damage computer systems you break into
(including crashing them); don't change the information in those
systems (except for altering logs to cover your tracks); and share
information. For most early Australian hackers, visiting someone
else's system was a bit like visiting a national park. Leave it as you
find it.
While the cream seemed to rise to the top of the hacking hierarchy, it
was the scum that floated at the top of the carding community. Few
people in the underground typified this more completely than Blue
Thunder, who had been hanging around the outskirts of the Melbourne
underground since at least 1986. The senior hackers treated Blue
Blunder, as they sometimes called him, with great derision.
His entrance into the underground was as ignominious as that of a
debutante who, delicately descending the grand steps of the ballroom,
trips and tumbles head-first onto the dance floor. He picked a fight
with the grande doyenne of the Melbourne underground.
The Real Article occupied a special place in the underground. For
starters, The Real Article was a woman--perhaps the only female to
play a major role in the early Melbourne underground scene. Although
she didn't hack computers, she knew a lot about them. She ran The Real
Connection, a BBS frequented by many of the hackers who hung out on
PI. She wasn't somebody's sister wafting in and out of the picture in
search of a boyfriend. She was older. She was as good as married. She
had kids. She was a force to be reckoned with in the hacking
community.
Forthright and formidable, The Real Article commanded considerable
respect among the underground. A good indicator of this respect was the
fact that the members of H.A.C.K. had inducted her as an honorary member
of their exclusive club. Perhaps it was because she ran a popular
board. More likely it was because, for all their bluff and bluster, most
hackers were young men with the problems of young men. Being older and
wiser, The Real Article knew how to lend a sympathetic ear to those
problems. As a woman and a non-hacker, she was removed from the jumble
of male ego hierarchical problems associated with confiding in a
peer. She served as a sort of mother to the embryonic hacking community,
but she was young enough to avoid the judgmental pitfalls most parents
fall into with children.
The Real Article and Blue Thunder went into partnership running a BBS
in early 1986. Blue Thunder, then a high-school student, was desperate
to run a board, so she let him co-sysop the system. At first the
partnership worked. Blue Thunder used to bring his high-school essays
over for her to proofread and correct. But a short time into the
partnership, it went sour. The Real Article didn't like Blue Thunder's
approach to running a BBS, which appeared to her to be get information
from other hackers and then dump them. The specific strategy seemed to
be: get hackers to logon and store their valuable information on the
BBS, steal that information and then lock them out of their own
account. By locking them out, he was able to steal all the glory; he
could then claim the hacking secrets were his own. It was, in her
opinion, not only unsustainable, but quite immoral. She parted ways
with Blue Thunder and excommunicated him from her BBS.
Not long after, The Real Article started getting harassing phone calls
at 4 in the morning. The calls were relentless. Four a.m. on the dot,
every night. The voice at the other end of the line was computer
synthesised. This was followed by a picture of a machine-gun, printed
out on a cheap dot matrix printer in Commodore ASCII, delivered in her
letterbox. There was a threatening message attached which read
something like, `If you want the kids to stay alive, get them out of
the house'.
After that came the brick through the window. It landed in the back of
her TV. Then she woke up one morning to find her phone line dead.
Someone had opened the Telecom well in the nature strip across the
road and cut out a metre of cable. It meant the phone lines for the
entire street were down.
The Real Article tended to rise above the petty games that whining
adolescent boys with bruised egos could play, but this was too much.
She called in Telecom Protective Services, who put a last party
release on her phone line to trace the early-morning harassing calls.
She suspected Blue Thunder was involved, but nothing was ever proved.
Finally, the calls stopped. She voiced her suspicions to others in the
computer underground. Whatever shred of reputation Blue Chunder, as he
then became known for a time, had was soon decimated.
Since his own technical contributions were seen by his fellow BBS
users as limited, Blue Thunder would likely have faded into obscurity,
condemned to spend the rest of his time in the underground jumping
around the ankles of the aristocratic hackers. But the birth of
carding arrived at a fortuitous moment for him and he got into carding
in a big way, so big in fact that he soon got busted.
People in the underground recognised him as a liability, both because
of what many hackers saw as his loose morals and because he was
boastful of his activities. One key hacker said, `He seemed to relish
the idea of getting caught. He told people he worked for a credit
union and that he stole lots of credit card numbers. He sold
information, such as accounts on systems, for financial gain.' In
partnership with a carder, he also allegedly sent a bouquet of flowers
to the police fraud squad--and paid for it with a stolen credit card
number.
On 31 August 1988, Blue Thunder faced 22 charges in the Melbourne
Magistrates Court, where he managed to get most of the charges dropped
or amalgamated. He only ended up pleading guilty to five counts,
including deception and theft. The Real Article sat in the back of the
courtroom watching the proceedings. Blue Thunder must have been pretty
worried about what kind of sentence the magistrate would hand down
because she said he approached her during the lunch break and asked if
she would appear as a character witness for the defence. She looked
him straight in the eye and said, `I think you would prefer it if I
didn't'. He landed 200 hours of community service and an order to pay
$706 in costs.
Craig Bowen didn't like where the part of the underground typified by
Blue Thunder was headed. In his view, Chunder and Trotsky stood out as
bad apples in an otherwise healthy group, and they signalled an
unpleasant shift towards selling information. This was perhaps the
greatest taboo. It was dirty. It was seedy. It was the realm of
criminals, not explorers. The Australian computer underground had
started to lose some of its fresh-faced innocence.
Somewhere in the midst of all this, a new player entered the Melbourne
underground. His name was Stuart Gill, from a company called
Hackwatch.
Bowen met Stuart through Kevin Fitzgerald, a well-known local hacker
commentator who founded the Chisholm Institute of Technology's
Computer Abuse Research Bureau, which later became the Australian
Computer Abuse Research Bureau. After seeing a newspaper article
quoting Fitzgerald, Craig decided to ring up the man many members of
the underground considered to be a hacker-catcher. Why not? There were
no federal laws in Australia against hacking, so Bowen didn't feel
that nervous about it. Besides, he wanted to meet the enemy. No-one
from the Australian underground had ever done it before, and Bowen
decided it was high time. He wanted to set the record straight with
Fitzgerald, to let him know what hackers were really on about. They
began to talk periodically on the phone.
Along the way, Bowen met Stuart Gill who said that he was working with
Fitzgerald.4 Before long, Gill began visiting PI. Eventually, Bowen
visited Gill in person at the Mount Martha home he shared with his
elderly aunt and uncle. Stuart had all sorts of computer equipment
hooked up there, and a great number of boxes of papers in the garage.
`Oh, hello there, Paul,' Gill's ancient-looking uncle said when he saw
the twosome. As soon as the old man had tottered off, Gill pulled
Bowen aside confidentially.
`Don't worry about old Eric,' he said. `He lost it in the war. Today
he thinks I'm Paul, tomorrow it will be someone else.'
Bowen nodded, understanding.
There were many strange things about Stuart Gill, all of which seemed
to have a rational explanation, yet that explanation somehow never
quite answered the question in full.
Aged in his late thirties, he was much older and far more worldly than
Craig Bowen. He had very, very pale skin--so pasty it looked as though
he had never sat in the sun in his life.
Gill drew Bowen into the complex web of his life. Soon he told the
young hacker that he wasn't just running Hackwatch, he was also
involved in intelligence work. For the Australian Federal Police. For
ASIO. For the National Crime Authority. For the Victoria Police's
Bureau of Criminal Intelligence (BCI). He showed Bowen some secret
computer files and documents, but he made him sign a special form
first--a legal-looking document demanding non-disclosure based on some
sort of official secrets act.
Bowen was impressed. Why wouldn't he be? Gill's cloak-and-dagger world
looked like the perfect boy's own adventure. Even bigger and better
than hacking. He was a little strange, but that was part of the
allure.
Like the time they took a trip to Sale together around Christmas 1988.
Gill told Bowen he had to get out of town for a few days--certain
undesirable people were after him. He didn't drive, so could Craig
Share with your friends: |