Ghost in the Wires_ My Adventures as the World's Most Wanted Hacker - Kevin Mitnick [139]
Shit!
I needed to find out how I was being watched, and how long it had been going on.
Examining the systems I had been using at USC, I found that a monitoring program had been installed to spy on my activities, and I was even able to identify the USC system administrator who had set it up, a guy named Asbed Bedrossian. Reasoning that one good spy deserved another, I located the host where he and other USC system administrators received their email—sol.usc.edu—got root access, and searched Asbed’s mail, in particular for the term FBI. I came upon this:
Heads up! We have a security incident. We have two accounts that are being monitored by the FBI and by sysadmin ASBED. The accounts have been compromised. If you receive a call from ASBED, please co-operate with capture and copy files, etc. Thanks.
It was bad enough that these guys had found one account I was using; now I knew they had found the second one as well. I was worried but at the same time pissed that I hadn’t caught on to the monitoring sooner.
I figured Asbed must have noticed that a huge amount of file space was being used that couldn’t be accounted for. When he took a peek, he would have realized immediately that some hacker was storing purloined software on the system. Since I had used several USC systems to store source code during my DEC hack in 1988, I assumed I was at the top of the suspect list.
I learned later that the Feds had started looking through the files and calling companies to alert them that proprietary source code had been lifted from their systems and was now residing on a server at USC.
Jonathan Littman wrote in his book The Fugitive Game about a meeting that took place in early 1994, convened, he says, by prosecutor David Schindler and held at the FBI’s Los Angeles office. Attending were “embarrassed and alarmed” representatives from the major cell phone manufacturers I had hacked into. Not a single person wanted it known that their company had been the victim of a hack—not even in this roomful of other victims. Littman says Schindler told him, “I had to dole out aliases. This guy was from company A, this guy was from company B. They wouldn’t do it any other way.”
“Everyone suspected Mitnick,” Littman wrote, adding that Schindler wondered aloud, “What’s the purpose of gathering all this code? Is somebody sponsoring him? Is he selling it? From a threat assessment, what can he do with it?”
Apparently it never occurred to any of them that I might be doing it just for the challenge. Schindler and the others were stuck in what you might call “Ivan Boesky thinking”: for them, hacking made no sense if there wasn’t money being made from it.
THIRTY
Blindsided
Ouop lqeg gs zkds ulv V deds zq lus DS urqstsn’t wwiaps?
By the late spring of 1994, I was still using my Eric Weiss identity and still working at the law firm in Denver. It wasn’t unusual for me to spend my entire lunch hour on my cell phone. This was long before the landscape became littered with people enjoying the freedom of gabbing wirelessly: these were the days when airtime still cost a dollar per minute. Looking back, I’m sure it must have seemed extremely suspicious that I spent so much time on the cell phone, especially since I was making only $28,000 a year.
One day all of us from the IT Department had a luncheon with Elaine and her boss, Howard Jenkins. During our idle chitchat, Jenkins said to me, “Eric, you went to college in Washington. How far were you from Seattle?”
I thought I had done enough background research to cover myself, having memorized the names of professors who were teaching at Ellensburg during the appropriate years to match my résumé and so forth. But I couldn’t even come close to answering this question. I faked a coughing fit, waved an apology, and, coughing all the way, hurried to the men’s room.
From a stall, I called Central Washington University on my cell phone and told the lady