• Choose a category
• All
• Classic-Fiction

After some back and forth, Shawn asked, “Okay, what’s your username?”

“ ‘g–n–a–u–l–t,’ ” I said, spelling it out slowly.

Shawn gave me the dial-up number to the 3Com terminal server, 800-37-TCP-IP. “Gabe,” he said, “do me a favor. Call my voicemail number at my office and leave me a message with the password you want.” He gave me the number, and I left the message as he’d instructed: “Hi, Shawn, this is Gabe Nault. Please set my password to ‘snowbird.’ Thanks again,” I said.

There was no way I was going to call the toll-free 800-number Shawn had given me: when you call a toll-free number, the number you’re calling from is automatically captured. Instead, the next afternoon I called Pacific Bell and social-engineered the POTS number associated with the number Shawn had given me; it was 408 955-9515. I dialed in to the 3Com terminal server and tried to log in to the “gnault” account. It worked. Perfect.

I started using the 3Com terminal server as my access point into the network. When I remembered that Novell had acquired Unix Systems Laboratories from AT&T, I went after the source code for UnixWare, which I years earlier found on servers in New Jersey. Earlier I had compromised AT&T to get access to the SCCS (Switching Control Center System) source code and briefly got into AT&T’s Unix Development Group in Cherry Hill, New Jersey. Now I felt like it was déjà vu because the hostnames of the development systems were still the same. I archived and compressed the latest source code and moved it to a system in Provo, Utah, then over the weekend transferred the huge archive to my electronic storage locker at Colorado Supernet. I couldn’t believe how much disk space I was using, and often needed to search for additional dormant accounts to hide all my stuff.

On one occasion, I had a strange feeling after I dialed in to the 3Com terminal server, as if someone were standing behind me and watching everything I typed. Some sixth sense, some instinct, told me the Novell system administrators were looking over my shoulder.

I typed:

Hey, I know you are watching me, but you’ll never catch me!

(I talked with Novell’s Shawn Nunley a while back. He told me they actually were watching at that moment, and they started laughing, wondering, “How could he possibly know?”)

Nonetheless, I continued my hacking into numerous internal systems at Novell, where I planted tools to steal log-in credentials, and intercepted network traffic so I could expand my access into yet more Novell systems.

A few days later I still felt a bit uneasy. I called the RCMAC (Recent Change Memory Authorization Center) at Pacific Bell and spoke to the clerk who processed orders for the San Jose switch. I asked her to query the dial-up number in the switch and tell me exactly what the switch output message said. When she did, I discovered it had a trap-and-trace on it. Son of a bitch! How long had it been up? I called the Switching Control Center for that area, posing as Pacific Bell Security, and was transferred to a guy who could look up the trap-and-trace information.

“It went up on January twenty-second,” he said. Only three days earlier. Whoa—too close for comfort! Luckily, I had not been calling much during that time; Pacific Bell would have been able to trace my calls only as far as the long-distance carrier, but could not track the calls all the way back to me.

I breathed a sigh of relief and decided to leave Novell alone. Things were getting way too hot there.

Years later, that voicemail I’d left for Shawn Nunley would come back to bite me in the ass. Shawn for some reason saved my message, and when somebody from Novell Security got in touch, he played it for him, and then that guy in turn gave it to the San Jose High-Tech Crime Unit. The cops weren’t able to tie the voice to any particular suspect. But months later, they sent the tape to the FBI in Los Angeles to see if the Feds could make anything out of it. The tape eventually found its way to the desk of Special Agent Kathleen Carson. She inserted it