Information Security News mailing list archives

Spooked in a game of cat and mouse between a hacker and the Feds


From: InfoSec News <isn () C4I ORG>
Date: Mon, 25 Sep 2000 04:11:24 -0500

http://www.independent.co.uk/news/Digital/Columnists/2000-09/chris250900.shtml

'There'd be an agonising lull while we waited for the hacker to
strike'

By Chris Gulker

25 September 2000

"It's Agent Sayers from the FBI. We understand that you've been
hacked. We contacted you previously about this matter. Please return
this message at your earliest convenience?"

Well, that voicemail got my attention. The Feds were on to "bonez".
And me.

Last March, I wrote about the experience of being hacked. Your
correspondent, still a Linux newbie after months of effort, discovered
that his home-built Red Hat Linux machine had been commandeered and
turned into an IRC chatbot by someone named "bonez".

To put it plainly, "bonez" nailed me. And it took me two days to
notice. My friend Mark Anderson, a Unix guru, told me how to proceed.
"Format your hard drive to get rid of him. He just uses you to bounce
an IRC connection. You don't have enough bandwidth or disk to be
attractive to steal, and you aren't famous enough to be defaced."

Great.

I hadn't responded to the FBI's first call. I'd like you all to think
that I'm a courageous Netizen standing up for all our rights. A guy
with backbone, cojones and chutzpah. A fellow who will not just bow to
the machinery of the US government, when a higher moral purpose is at
stake.

That, and the fact that the first message was a bit cryptic. It just
said, "We think you've been hacked please call us." I thought it was
phone-spam from a virus software company.

The second message, especially the part about the FBI, got my full
attention. The Feds! I don't know how one of Her Majesty's subjects would
respond, but I dropped a dime. And got the FBI agent's voicemail...

Now, I figured I'd call the FBI, and some husky voice would say
"Yes?", followed by silence, followed by the agent saying: "I'm
listening." Instead I got: "Hi, this is Agent Sayers. I'm either on
the phone or away from my desk. Please leave a message."

Sheesh.

So I left a message. Agent Sayers called back while I was on a plane
to Chicago. It took me two days to figure out the different prompts on
my mobile phone service's Chicago affiliated system. By then it was
Sunday, so I left a message. Agent Sayers returned the call while I
was in a meeting.

Stuck in phone tag with the FBI. This wasn't at all how I thought this
would play out.

I figured it would be like a passage from books like Takedown by
Tsutomu Shimomura and John Markoff, or The Fugitive Game by Jonathan
Littman. There'd be clandestine meetings at giant network facilities,
computer scientists and forensic experts sitting around glowing
screens hastily assembled on folding tables.

There'd be computer experts writing sniffer scripts and checking
server logs. We'd all dash off suddenly in an unmarked van loaded with
radio direction finders and more computers. There'd be an agonising
lull while we waited for the hacker to strike again, unknowing that
his or her every move was being watched. Every hack attempt, every
packet sent would point closer and closer to the hacker's lair. Would
it be a basement in Brooklyn? An attic in Albuquerque?

Or would it be voicemail hell?

Finally, my mobile phone rang. I was on the Dumbarton Bridge, right at
the top, overlooking the San Francisco Bay. Silicon Valley stretched
out in front of me. It was Agent Sayers.

"Well, you've certainly been busy," she said. "Glad I finally got hold
of you."

I remained noncommittal. I didn't want info being dragged out of me.
I've seen lots of cop-and-robber shows. I know all about that good
cop, bad cop thing. I was going to play this one real cool.

"Are you aware you were hacked?" she asked. Considering that I'd kept
that secret from all but about half a million Independent readers, and
that the column had been posted on The Independent's website as well
as on my own, I guess I had to confess.

"Yes," I said. "How did you find out?"

"We can't tell you that," she said. "Can you give me an estimate of
your damages?"

My damages. Hmmm. It had taken me 30 minutes to reformat the hard
drive and reinstall Red Hat Linux. Good programmers in the Valley can
command $300 an hour. Great computer scientists here can command fees
as high as $35,000 a day.

"Uh, oh, I'm not sure," I wimped. "It took me a couple hours." Most of
that was the time I had spent writing the column about it.

"Surely your time is valuable, worth something," prompted Agent
Sayers.

Quick flash. It's a tense courtroom scene. The government's case has
come down to my claim that my time was worth thousands of dollars. The
hacker, a 12-year-old, sits in the dock, looking at me with an
innocent face.

The hacker's New York attorney, his fees paid by the Electronic
Freedom Foundation, is bearing down:

"Surely you must be kidding that your time is worth all this money, Mr
Gulker. Didn't you just reformat your drive? Didn't you have to do
that dozens of times anyway, when you made mistakes or misconfigured
your Linux system?"

I folded. "Uh, look, Agent Sayers. This was really just a hobby
machine, and I've had to reformat the hard drive lots of times just to
fix my own mistakes."

"Oh, I see," she said. "Thank you for your time."

The phone clicked dead.

cg () gulker com

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".

