Ghost in the Wires_ My Adventures as the World's Most Wanted Hacker - Kevin Mitnick [160]
We arrived twenty minutes early, and I sat inside the tiny DMV office on a cheap plastic chair, anxiously waiting for the school’s car to drive up. In less than two hours I should be able to walk out with my brand-new identity in the name of Michael David Stanfill.
As I looked up, the driving instructor walked in the door. Son of a bitch! It was the same guy I’d had for my Eric Weiss identity two years earlier. He must have changed driving schools. Just my luck!
It’s remarkable how the subconscious mind can swing into action and devise a plan in an instant. I opened my mouth, and what came out was, “Hey, I know you. Where do you shop for groceries?”
“Smith’s, on Maryland Parkway,” he answered as he struggled to remember where he recognized me from.
“Yeah, right,” I said. “That’s where I’ve seen you. I shop there all the time.”
“Oh, I thought I’d seen you before,” he said, sounding satisfied.
Now I had to change my story because I had used “London” the last time as well. Instead, I told him I had been serving in the Peace Corps in Uganda and hadn’t been behind the wheel of a car in five years.
Worked like a charm. He was pleased with how quickly I recovered my driving ability.
I passed the test without a hitch and walked away with my Michael Stanfill driver’s license.
PART FOUR
An End and a Beginning
THIRTY-THREE
Hacking the Samurai
Ozg ojglw lzw hshwj gf AH Khggxafy lzsl BKR skcwv ew stgml?
With my new identity credentials in order, it was time to get clear of Las Vegas before my luck ran out. The 1994 Christmas/New Year’s holiday time was just ahead, and I couldn’t resist the idea of a return visit to Denver, a city I had grown so fond of. Packing up, I took along an old ski jacket of mine, thinking I might be able to get in a little more time on the slopes over the holidays.
But once I arrived in Denver and settled into an attractive, medium-priced hotel, two people I had never met—that arrogant Japanese-American security expert whose server I had hacked into a year earlier, the other an extraordinarily skilled computer hacker in Israel—would become actors in a drama that would change the entire rest of my life.
I had come across an Israeli who went by his initials, “JSZ”; we met over Internet Relay Chat, an online service for finding and chatting with strangers who shared similar interests. In our case, the interest was hacking.
Eventually he told me that he had hacked most if not all of the major software manufacturers that developed operating systems—Sun, Silicon Graphics, IBM, SCO, and so on. He had copied source code from their internal development systems and planted backdoors to get back in anytime he wanted. That was quite a feat—very impressive.
We started sharing our hacking conquests with each other and information on new exploits, backdooring systems, cell phone cloning, acquiring source code, and compromising the systems of vulnerability researchers.
During one call he asked if I had read “the Morris paper on IP spoofing,” which revealed a major vulnerability in the core protocol of the Internet.
Robert T. Morris, a computer prodigy, had found a clever security flaw that could be exploited using a technique called “IP spoofing” to bypass authentication that relied on the remote user’s IP address. Ten years after Morris published his paper, a group of hackers, including JSZ in Israel, had created a tool for it. Since it was only theoretical up to that time, nobody had thought to protect against it.
For the technically minded, the IP spoofing attack in this case relied on an older technology known as the R-services, which required configuring each computer system so that it would accept trusted connections, meaning that a user could log in to an account—depending on the configuration—without needing to provide the password. This made it possible for a system admin