Ghost in the Wires_ My Adventures as the World's Most Wanted Hacker - Kevin Mitnick [61]
He was home when I called. I told him I was with Pacific Bell Engineering, that we wanted to make some customized improvements to our “SAS infrastructure,” and that I needed to talk to someone who knew the technology. He wasn’t the least bit suspicious. He said it would take him a couple of minutes, then came back on the phone and gave me the name and phone number of the guy who had been the lead engineer in charge of the product development team.
One more thing to do before placing the crucial phone call. At that time, Pacific Bell internal phone numbers began with the prefix 811; anybody who had done business with the company might know that. I hacked into a Pacific Bell switch and set up an unused 811 number, then added call forwarding and forwarded it to the cloned cell phone number I was using that day.
The name I gave when I called the developer was one I still remember: Marnix van Ammers, the name of a real Pacific Bell switching engineer. I gave him the same story about needing to do some integration with our SAS units. “I’ve got the user’s manual,” I told him, “but it doesn’t help for what we’re trying to do. We need the actual protocols that are used between the SAS equipment in our testing centers and the central offices.”
I had dropped the name of an executive at his old company and was using the name of a real Pacific Bell engineer. And I didn’t sound nervous; I wasn’t stumbling over my words. Nothing about my call set off alarm bells. He said, “I might still have the files on my computer. Hang on.”
After a couple of minutes, he came back on the line. “Okay, I found them. Where do you want me to send them?”
I was too impatient for that. “I’m under the gun here,” I said. “Can you fax them?” He said there was too much material for him to fax the whole thing, but he could send a fax with the pages he thought would be most useful, and then mail or FedEx me a floppy with the complete files. For the fax, I gave him a phone number I knew by heart. It wasn’t to a fax machine at Pacific Bell, of course, but it was in the same area code. It was the fax number for a convenient Kinko’s. This was always a little risky because many machines, when they’re sending a fax, display the name of the machine they’re connecting to. I always worried someone would notice the tag saying “Kinko’s store #267” or whatever: dead giveaway. But as far as I can recall, no one ever did.
The FedEx was almost as easy. I gave the engineer the address of those places where you could rent a mailbox and have packages held for you, and I spelled out the name of the Pacific Bell employee I was claiming to be, Marnix van Ammers. I thanked him, and we chatted for a bit. Chatting is the kind of extra little friendly touch that leaves people with a good feeling and makes after-the-fact suspicions that much less likely.
Even though I had been practicing the art of social engineering for years, I couldn’t help but be amazed and a little dazzled by how easy this had been. One of those moments when you feel that runner’s high, or as if you’d won a jackpot in Vegas—the endorphins are rushing through your body.
That same afternoon, I drove to the mailbox rental store to set up a box in Van Ammers’s name. They always require ID for this. No problem. I explained, “I’ve just moved here from Utah, and my wallet was stolen. I need an address where they can mail me a copy of my birth certificate so I can get a driver’s license. I’ll show you the ID as soon as I get it.” Yes, they were violating postal regulations by renting me a box without seeing my ID, but these places are always eager for new business;