
Ghost in the Wires: My Adventures as the World's Most Wanted Hacker - Kevin Mitnick [173]

forwarded to another email address under my control. I was hoping to uncover his sources—people who might have told him where they thought I was. I was also eager to find out more about the extent of his involvement in my case.


While I was doing this, I later learned, Shimmy and his team were watching. They had been passively monitoring incoming network traffic at both the Well and Netcom. It was a very easy thing to pull off because the Internet service providers had given his team full access to their networks.

After setting up surveillance at Netcom around February 7, Shimmy asked one of the network admins to search the system accounting records of Netcom, looking for any users who had been logged in at times when the Well’s accounts were being illicitly accessed by some user at Netcom. The admin searched through the accounting records by matching the log-ins and log-outs that had occurred during the intrusions, and was eventually able to track down one of the accounts accessing the Well from Netcom’s network. It was the “gkremen” account, and it was mostly being used to dial in to Netcom through the company’s modems in Denver and Raleigh.

The next day, when I was searching Markoff’s email for anything related to me, I ran a search for the string “itni” (since searching for the name “Mitnick” would have been a dead giveaway). But Shimmy and his team were watching me in real time, and when they saw this search, it confirmed their suspicions that I was their intruder.

Shimmy contacted Kent Walker and let him know that the intruder was coming in through dial-up modems in Denver and Raleigh. Shimmy asked Walker to put a trap-and-trace on the dial-up number to Netcom in Denver that I had been using. (This was, again, a very unusual request for a civilian to make of an assistant U.S. attorney: ordinarily, only law enforcement agencies make such requests.)

Walker contacted the FBI in Denver, and Denver checked with the Los Angeles FBI office for an okay. But the LA office wanted Denver to stay out of it. Instead, in what sounds like an intra-agency turf war, an agent at the LA office told the people in Denver they were not to assist with setting up a trap-and-trace. They all wanted a piece of me. If I’d known about the squabbling at the time, I might have been able to use it to my advantage.

As soon as “gkremen” logged on from Raleigh, Shimmy’s team asked an FBI agent to contact General Telephone, the telephone company that provisioned Netcom’s dial-up numbers in Research Triangle Park, and request that the call be traced in real time. After a couple of attempts, General Telephone’s technicians completed a successful trace. They passed on the number to the FBI and advised that it was originating from Sprint’s cellular network.

But this wasn’t information that would lead my pursuers anywhere. To provide an extra layer of protection, I had previously set up what I call a “cut-out number.” The first part of this involved hacking into a phone company switch, finding an unused phone number, and adding call forwarding to the line. Then I set a different billing number in the switch so any calls placed from that number would appear to be originating from the billing number rather than the actual number. Why? I had discovered a flaw in the switch software: it would sometimes report not the actual phone number that a call was originating from, but the billing number. So if phone company techs tried to trace some of my calls, they might not immediately discover my cut-out number—the number I was routing my calls through—but instead would come up with a phone number assigned to some random customer I chose. I knew that some switch technicians were not even aware that a trace might report the billing number, which gave me an extraordinary extra level of protection. In any case, in my experience, the phone companies never caught on to my using a cut-out number to make it harder to trace where my calls were originating from, because it never occurred to them that someone might have hacked into their switch.


Several weeks earlier,
