Ghost in the Wires_ My Adventures as the World's Most Wanted Hacker - Kevin Mitnick [130]
“Well,” said the manager, “just for the weekend, I think we can let you use the one in the NOC. I’ll tell the guys on duty that when you call, it’s okay to read off the pass code,” and he gave me the PIN to use with it.
For the whole weekend, every time I wanted to dial in to Motorola’s internal network, all I had to do was call the Network Operations Center and ask whoever answered to read off the six digits displayed on the SecurID.
But I wasn’t home free yet. When I dialed in to Motorola’s dial-up terminal server, the systems I was trying to reach, in the Cellular Subscriber Group, weren’t available. I’d have to find some other way in.
The next step took chutzpah: I called back Walsh in the Network Operations Center. I complained, “None of our systems are reachable from the dial-up terminal server, so I can’t connect. Could you set me up with an account on one of the computers in the NOC so I can connect to my workstation?”
Ed’s manager had already said it was okay to give me the passcode displayed on the SecurID, so this new request didn’t seem unreasonable. Walsh temporarily changed the password on his own account on one of the NOC’s computers and gave me the information to log in, then said, “Call me when you don’t need it anymore so I can change my password back.”
I tried to connect to any one of the systems in the Cellular Subscriber Group, but I kept being blocked; apparently they were all firewalled. By probing around Motorola’s network, I finally found one system with the “guest” account enabled—meaning that the gates had been left open, and I could log in. (I got a surprise when I identified this system as a NeXT workstation, produced by the short-lived company Steve Jobs founded before he returned to Apple.) I downloaded the password file and cracked the password of somebody who had access to that machine, a guy named Steve Urbanski. It didn’t take my password cracker long: the username he used to access the NeXT computer was “steveu,” and he had chosen “mary” as his password.
I immediately tried to log in to the “lc16” host in the Cellular Subscriber Group from the NeXT workstation, but the password didn’t work. Huge bummer!
Fine. The information about Urbanski’s credentials would come in handy later. What I needed, though, was not his NeXT account but the password for his account on the Cellular Subscriber Group’s servers, which held the source code I wanted.
I tracked down Urbanski’s home phone number and called him. Claiming to be from “the NOC,” I announced, “We’ve suffered a major hard disk failure. Do you have any files you need to recover?”
Duh! He did!
“Well, we can do that on Thursday,” I told him. Thursday meant he would be without his work files for three days. I held the phone away from my ear as I got the expected explosion.
“Yeah, I can understand,” I said sympathetically. “I guess I can make an exception and put you ahead of everybody else if you’ll keep it to yourself. We’re setting up the server on a brand-new machine, and I’ll need to re-create your user account on the new system. Your username is ‘steveu,’ right?”
“Yes,” he said.
“Okay, Steve, choose a new password you’d like.” Then, as if I’d just had a better idea, I went on, “Oh, never mind, just tell me what your current password is, and I’ll set it to that.”
That naturally made him suspicious. “Who are you again?” he wanted to know. “Who did you say you worked for?”
I repeated what I had told him, calmly, taking it as an everyday thing.
I asked if he had a SecurID. Just as I expected, the answer was yes, so I said, “Let me pull your SecurID application.” This was a gamble. I knew he had probably filled out the form ages before and probably wouldn’t remember whether it had asked for a password. And since I already knew that one of the passwords he used was “mary,” I figured that would