• Choose a category
• All
• Classic-Fiction

This time, no worries. As usual, it worked.

Oh, well—not entirely. I got to the CMB system, which handily turned out to be a VAX running my favorite operating system, VMS. But I wasn’t really a PacTel Cellular employee, so I didn’t have a legitimate account on the machine.

In a call to the Accounting Department, I posed as an IT staffer and asked to speak to someone who was currently logged in to CMB.

Melanie came on the line. I told her I worked with Dave Fletchall in IT and said we were troubleshooting a problem with CMB—did she have a few minutes to work with me?

Sure.

I asked her, “Have you changed your password lately? Because we’ve just done an upgrade to the software for changing passwords, and we want to make sure it’s working.”

No, she hadn’t changed her password lately.

“Melanie, what’s your email address?” At PacTel Cellular, an employee’s email address was also his or her username, and I was going to need her username to log in to the system.

I asked her to close all her open applications, log out of the system, and then log back in, so I could determine whether she could access the operating system command line interface. Once I confirmed she could, I asked her, “Please type ‘set password.’ ”

She would then be looking at a prompt reading “Old password.”

“Type your old password, but don’t tell me what it is,” and I gave her a gentle lecture about never telling anyone her password.

At that point she would be looking at the “New password” prompt.

By now I was dialed in and standing by.

“Now enter ‘pactel1234,’ and when you get the next prompt, enter that password again. And hit Enter.”

The instant I heard her finish typing, I logged in with her username and the “pactel1234” password.

Now for multitasking in split-brain mode. I was feverishly typing away, entering a fifteen-line program that would exploit an unpatched VMS vulnerability, then compile and run it, setting myself up with a new account, and providing the account with full system privileges.

Meanwhile, through all of this, I was simultaneously feeding instructions to Melanie. “Now please log off your account…. Now log in again with the new password…. You got in okay? Great. Now open all the applications you were using before and check to make sure they’re working the way they should…. They are? Fine.” And I walked her through the “set password” process again, once more cautioning her not to tell me or anyone else the new password she was setting up.

I had now gained full access to PacTel’s VMS cluster, which meant I could access customer account information, billing records, electronic serial numbers, and much more. This was a major coup. I told her how much I appreciated her help.

It wasn’t as if I was home free now. I spent the next couple of days finding out where the CDRs were stored and maneuvering for access to the customer service applications, so I’d be able to probe at leisure to find the name, the address, and all sorts of other information on every phone account.

The CDRs were on a huge disk, storing near real-time data on every call to and from customers in the LA market for the previous thirty days or so—a bunch of very large files. I could search right on the system, though every search took me something like ten to fifteen minutes.

Since I already had Eric’s pager number, that was my entry point. Had anyone on PacTel called Eric’s pager, 213 701-6852? Of the half dozen or so calls I found, two jumped out at me. Here are the listings, exactly as they appeared on the PacTel records:

2135077782 0 920305 0028 15 2137016852 LOS ANGELE CA

2135006418 0 920304 1953 19 2137016852 LOS ANGELE CA

The “213” numbers at the beginning of each line are the calling numbers. The number groups starting with “92” indicate the year, date, and time—so the first call was made on March 5, 1992, at twenty-eight minutes past midnight.

The first calling number was one I recognized: it was the phone number on Eric’s rental application, which I already knew was listed in the name of one