Ghost in the Wires_ My Adventures as the World's Most Wanted Hacker - Kevin Mitnick [120]
My coworkers in IT were so different from one another that they seemed almost like the characters in a play. Ginger, who had big teeth and was a bit on the pudgy side, was thirty-one and married. She took something of a liking to me, and we enjoyed a little playful banter at times. Still, I don’t think I did anything to suggest I had any sort of sexual interest in her—and certainly nothing to justify a couple of remarks she made to me around the office. She commented late one evening when we were both in the computer room: “I wonder what would happen if you had me laid out on this table and somebody walked in?” Huh?
Or maybe those come-ons of hers were actually intended to disarm me, so I wouldn’t become suspicious of her.
Back in LA before I went on the run, one of the people in my social circle with Lewis had been a guy named Joe McGuckin, a doughy guy with a round face and a sizable belly, bespectacled, close-shaven but still looking like he had a day’s growth, his brown hair hanging partway down his forehead in girly bangs. The three of us used to hang out together, so often eating at Sizzler and then going to a movie afterward that Lewis and I nicknamed him “Sizzler and a Movie.”
In a conversation we had while I was living in Denver, Lewis told me that Joe had given him an account on a Sun workstation he had at home. Lewis passed the credentials along to me, with a request. He was hoping I could get root on Joe’s workstation and then tell him how I got in, so he could needle Joe about it. That sounded to me like an interesting opportunity: since Joe was a contractor for Sun Microsystems, he very likely had the ability to remotely access the company’s network, which might be a way for me to hack into Sun.
Whenever we had discussed hacking back in those days in LA, Joe had always insisted that his workstation was as secure as Fort Knox. I thought, Oh, I’m going to have fun messing with him. Our love of pulling pranks was a common trait that had drawn Lewis and me together ever since our pranks with the drive-up windows at McDonald’s. I called Joe’s home phone number first to make sure he wasn’t there, then dialed the modem line at his house. Once I had logged in using Lewis’s account, it took me only a few minutes to discover that Joe hadn’t kept his security patches up to date. So much for Fort Knox. By exploiting a flaw in a program called “rdist,” I popped root on his system. Let the games begin. When I listed the processes he was running, I was surprised to see “crack,” the popular program for cracking passwords, written by a guy named Alec Muffett. Why would Joe be running that?
It didn’t take long to find the password file that crack was working on. I stared at the screen, stunned by what I was seeing.
Joe McGuckin, Sun Microsystems contractor, was cracking the passwords of the company’s Engineering Group.
I couldn’t fucking believe this. It was as if I had just taken a walk in the park and found a bag of hundred-dollar bills.
After I copied off the cracked passwords, my next hunt was through Joe’s emails, searching on the keywords modem and dial-up. Bingo! I found an internal Sun email containing the information I was hoping for. It read, in part:
From: kessler@sparky (Tom Kessler)
To: ppp-announce@comm
Subject: New PPP server
Our new ppp server (mercury) is now up and running, available for you to test your connection. The phone number for mercury is 415 691-9311.
I also copied the original Sun password files (which contained the encrypted password hashes) that Joe was in the process of cracking, in case I lost access to his machine. Included in the cracked-password list was Joe’s own Sun password, which as I recall was something like “party5.” (Crack had broken that one, too.) A walk