Ghost in the Wires: My Adventures as the World's Most Wanted Hacker - Kevin Mitnick [146]
The very first thing I did was grab a copy of Neill’s email directory and look through each and every file. Damn! Nothing interesting—no bugs! I was disappointed. So close and yet so far. And then I had an idea: maybe he was sending emails and then deleting the messages immediately afterward. So I checked the system mail logs.
My eyes lit up: the mail log files showed that Neill was sending messages to some guy named Dave Hutchins at DEC, sometimes two or three of them in a single week. Shit! I really wanted to see the contents of those messages. At first I figured I would examine all the deleted file space on the system’s disk looking for the deleted emails to Hutchins, but then I came up with a better plan.
By reconfiguring the mail exchanger on Hicom, I could rig it so that whenever Neill sent a message to any email address at DEC, it would be redirected to an account I had hacked at USC. It was like adding call forwarding on all “dec.com” email addresses to forward to my account at USC. So I actually would be catching all emails sent to any “dec.com” address from anyone on Hicom.
My next challenge was to find an effective means of “spoofing” emails to Clift so they would look as if they were coming from DEC. Rather than spoofing messages over the Internet—a step that could be spotted if Neill looked closely at the email headers—I wrote a program that forged the email from the local system so I could spoof all the headers as well, making the deception virtually undetectable.
Every time Neill sent a report of a security hole to Dave Hutchins at DEC, the email would be redirected to me (and only me). I would soak up every detail and then send back a “thank-you” message that would appear to have been sent by Hutchins. The beauty of this particular hack—known as a “man-in-the-middle” attack—was that the real Hutchins, and DEC, would never receive the information Neill sent them. This was so exciting because it meant, in turn, that DEC would not be fixing the holes anytime soon, since the developers wouldn’t know about the problems—at least not from Neill.
After spending several weeks waiting for Neill to get busy with his bug hunting, I became impatient. What about all the security bugs I’d already missed? I wanted every one of them. Attempts to break into his system over dial-up were unlikely to work because there wasn’t much I could do at a log-in prompt but guess passwords, or maybe try to find a flaw in the log-in program itself, and he surely had security alerts enabled for log-in failures.
A social-engineering attack via the telephone was out of the question because I knew Neill would recognize my voice from a couple of years earlier. But sending believable fake emails could win me all the trust and credibility I would need to get him to share his bugs with me. There was a downside, of course: if he caught on, I would lose access to all his future bugs because he would certainly figure out that I had compromised Hicom.
But what the hell? I was a risk taker. I wanted to see if I could pull it off.
I sent Neill a fake message from Dave Hutchins, advising that Derrell Piper from VMS Engineering—the same guy I’d pretended to be when I called him the last time—wanted to communicate with him via email. VMS Engineering was ramping up its security processes, I wrote, and Derrell would be heading up the project.
Neill had in fact communicated with the real Derrell Piper several months earlier, so I knew the request would sound plausible.
Next I sent another faked email to Neill posing as Derrell, and spoofing his real email address. After we exchanged several messages back and forth, I told Neill that “I” was putting together a database to track every security issue so DEC could streamline the resolution process.
To build further credibility, I even suggested to Neill that we should use PGP encryption because we didn’t want someone like Mitnick reading our emails! Soon thereafter we had exchanged PGP keys to