Ghost in the Wires: My Adventures as the World's Most Wanted Hacker - Kevin Mitnick [174]

JSZ had set up an account for me on “escape.com” (which was owned by his buddy Ramon Kazan) so the two of us could communicate directly through that system. This had become another of many entry points I used to connect to the Internet. Since I had root access, I also stashed numerous hacking tools, exploits, and source code from various companies I had recently been hacking into. (My account on escape.com was named “marty,” after the character in the movie Sneakers.)

Whenever I logged in to my account on escape.com, there was always a notification displaying the date and time of my previous log-in. The first thing I did each time I logged in was truncate the log entries to eliminate any trace of my comings and goings. But this time when I logged in, I immediately noticed that someone else had logged in to my account… from the Well. Someone else had been there. What the fuck?

I immediately went to the Well and started poking around, but didn’t find anything that led me to the mystery spy.

I disconnected immediately, feeling like I was being watched.


Meanwhile, a Sprint engineer was trying to make sense of the number that GTE had traced as originating from the Sprint network. When he searched through the company’s customer records, the number didn’t come up, which seemed strange. But then the engineer realized it wasn’t a Sprint number at all—in fact, it didn’t even have a cellular prefix. Shimmy asked the FBI to set up a conference call so he could discuss this oddity with the engineer at Sprint. Then he decided to try calling the number himself, to see if anyone would answer. As soon as the call connected, he began to hear a kerchunk-ing noise that would get quieter and quieter until the call was dropped. This was intriguing to him and the engineers. It appeared that I had set up a fail-safe to prevent them from tracing me back, and they wondered if I could have tampered with the switch.

My using Sprint’s cellular network to dial in to Netcom through my cut-out number made it look as if the cut-out number was originating from Sprint’s network when it really wasn’t. This was because both the cut-out number and Netcom’s dial-up number were in the same switch. The Sprint engineer now decided to change tactics and perform what’s known as a “terminating number search.” Rather than looking for calls placed from the traced number, he looked for any subscriber calls to that number.

It didn’t take him long to hit pay dirt. His search through the call detail records indicated that the traced number had been called numerous times from a Sprint cell phone—or rather, from the cell number I was using to dial in to Netcom, a phone with a Raleigh area code.

The technician noticed that the calls were usually being routed through the same cellular phone tower. That meant that the phone on the other end was likely in a fixed location. So they now knew where I was: Raleigh.

As soon as the engineer told Shimmy what he had figured out, Shimmy hopped on a plane, destination Raleigh.


I tried calling and emailing JSZ in Israel several times to rule out the unlikely possibility that he had recently accessed my “escape.com” account from the Well. On Sunday afternoon, while Shimmy was winging his way to Raleigh, JSZ sent me a message that left me up in the air:


Hi,

This AM my dad had a serious heart attack and is hospitalized here; I have been at the hospital all the day, and probably will be there all day on tomorrow as well; Don’t expect me to be on computers during next 3–4 days—I hope you understand.

Rgrds,

Jonathan

Growing more and more nervous, I immediately logged on to the phone company switch that serviced the dial-up numbers to Netcom through Research Triangle Park—one of the routes I had been using in Raleigh for Internet access. It was in fact my preferred route because cell phone calls direct to Netcom in Denver and elsewhere were not of good quality for long dial-up sessions.

When I examined the Netcom dial-up number in the switch, it indicated that the modem number had a trap-and-trace activated! I started
