Computer underground Digest Sun Oct 30, 1994 Volume 6 : Issue 94 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Retiring Shadow Archivist: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Mini-biscuit editor: Guy Demau Passant CONTENTS, #6.94 (Sun, Oct 30, 1994) File 1--Interview with Erik Bloodaxe (GRAY AREAS REPRINT) File 2--Cu Digest Header Information (unchanged since 23 Oct 1994) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. ---------------------------------------------------------------------- Date: Sun, 30 Oct 1994 18:22:12 CDT From: CuD Moderators Subject: File 1--Interview with Erik Bloodaxe (GRAY AREAS REPRINT) ((MODERATORS' NOTE: The following are portions of an interview with "Erik Bloodaxe" by Netta Gilboa of Gray Areas Magazine. Gray Areas is an eclectic arts and culture magazine that focuses on the fringes of society. It's one of the best sources for information on rock and alternative music, controversial social issues, computer culture, and other topics that aren't covered elsewhere. It's a steal $18 for four issues, or $50 for three years. For information, write: Gray Aras PO Box 808 Broomall, PA 19008-0808 Or, e-mail them at grayarea@well.sf.ca.us For those new to computer culture, "erik bloodaxe" was a member of the original "Legion of Doom," a modest media celebrity, and more recently, the editor of Phrack)). ((Excerpts from interview with Chris Goggans at Pumpcon, 1993. From: GRAY AREAS, Fall, 1994 (Vol 3, #2): pp 27-50)) (A.K.A. ERIK BLOODAXE) By Netta Gilboa Netta Gilboa: What is Phrack magazine? Chris Goggans: Phrack is the longest running underground publication. I don't really know how to describe Phrack. Phrack just sort of is. Phrack is an electronic magazine that deals with topics of interest to the computer underground; different types of operating systems, weaknesses in system architectures; telephony; anything of any relevance to the community in which it was intended for, that being the computer underground. It has always tried to paint a picture of the social aspects of the computer underground rather than focus entirely on technical issues. So in that way it adds a lot of color to what's going on. GA: How did you get involved with publishing Phrack? CG: Well, I got involved when the person who was editing it at the time, Dispater, got into a motorcycle accident and as a result of this, had a lot of other financial hardships, so he wasn't going to be able to do it any longer. Its original editors, Craig Neidorf (Knight Lightning) and Taran King, had no interest in doing it themselves any longer for, at least in Craig's case, obvious personal reasons, and there really was no one else who could take it over. I was of the mind set that Phrack had been around so long that it had almost become something of an institution. I, being so ridiculously nostalgic and sentimental, didn't want to see it just stop, even though a lot of people always complain about the content and say, "Oh, Phrack is lame and this issue didn't have enough info, or Phrack was great this month, but it really sucked last month." You know, that type of thing. Even though some people didn't always agree with it and some people had different viewpoints on it, I really thought someone needed to continue it and so I kind of volunteered for it. And there was a little bit of discussion amongst some people. First Craig was really hesitant to say, "Yeah, well maybe you should take it over." A lot of this was being held up by Taran King who said, "Well, we just don't want your politics getting involved." Because, apparently, I have some hidden political agenda that differed with what they thought the role of Phrack should play. Eventually they decided that there is really no one else who could do a job well enough to continue it in the spirit in which it had been formed and I started with issue 42. And I think that one went over very well. That issue was pretty hilarious because it had a lot of stuff about packet switching networks, and it was a big slap in the face to B.T. Tymnet. I had a whole lot of fun with that issue. Since then, it's gone over really well, at least from everyone I've talked to. Of course there' have always been a few dissenters that say, Oh, Phrack sucks, but these are the same people who won't tell you why. They're just saying it to try to get a rise out of me or something, but everybody seems to appreciate the time and effort that goes into putting this out and especially since I'm getting nothing out of it. There's kind of a funny side to that. After I took it over, I went ahead and I registered it with the Library of Congress and I filed a DBA as Phrack magazine and for the first issue I put out a license agreement, sort of, at the beginning saying that any corporate, government or law enforcement use or possession of this magazine without prior registration with me was a violation of the Copyright Law, blah, blah, blah, this and that and Phrack was free to qualified subscribers; however, in order to qualify as a qualified subscriber, one must be an amateur computer hobbyist with no ties to such a thing. And this really went over like a ton of bricks with some people. A lot of corporate people immediately sent back, "Please remove my name from the list." I had a few other people say, well, "We're going to pay, but don't tell anybody we're going to pay." Of course, they never did. There was only one person who actually did pay, so, you know, I used that as wonderful ammunition for the next issue saying that all of them are lying, cheating scums and they have no respect for our information so why should they think it odd that we have any respect for theirs. GA: And you actually named a few people. CG: Yeah, I named several people who were not only getting the magazine but in one case, they were spreading it around and, of course, none of them even contacted me for registration. It was all, I had a riot with it. It was a lot of fun. And, I'm still going to include that in every issue because I still expect them, if they're going to be reading my magazine, to please have some shred of decency and pay the registration fee, since it's a lot less than any other trade publication that they'd be buying regardless, and certainly a lot more voluminous and contains a lot more information than they're going to find in any other magazine dealing with computer security. GA: Is the agenda for that decision to get publicity, to have grounds to sue people who you don't like, or to gain financially? CG: Well, I never expected to gain anything financially. You know, a lot of the people who are still in the so-called "underground" are also working in various fields which might put them in conflict with the registration agreements, and we're very liberal about that. I mean, if someone just because they're working at, let's say... GA: Gray Areas, Inc. CG: Yeah, Gray Areas, Inc. or the people who might be independent, like LAN consultants, you know, just 'cause someone's working in the field, I'm real flexible about that. Then if someone sends me mail, and I get a lot like that, which says, "Well, I'm assistant administrator here at the university and there's no way they'll pay for it." I'm like, "Don't worry about it." You know, "We'll make an exemption in your case." But it's the people, the Gene Stafford's of the world, the Ed DeHart's of the world. Those are the people who have always pointed the finger at the people who this information is intended for and called them bad. They're the ones who don t register their subscriptions and the people of their mind set and the people of their ilk, I guess. As far as publicity, it didn't gain any publicity. It wasn't any kind of stunt. My biggest concern in doing this was to try to protect this information and I didn't want to see it being resold. With the prior Phracks up 'til 41, there are companies out there, for example Onion Press who sells hard copies of Phrack, and I don't want anything that I'm putting time and effort into being resold. I don't want it in the CD-ROMs. There's are several CD-ROMs out right now with a bunch of text files from the computer underground. So, I wanted to copyright this information, put it out. It's a magazine, I'm doing it, it's my magazine. The DBA is in my name, I hold the copyright and no one's going to resell this. If it's going to be presented in some other format, I want to be able to control that. And, it's not necessarily a kind of power play. It's just I want to protect it. I mean, I don't think you'd appreciate people all of a sudden saying, "Now I'm going to put up the electronic version of Gray Areas." ======================= GA: Many years ago, Phrack had a problem with a telephone company regarding a document that they printed, and a lot of people have said that if it was a paper publication as opposed to an electronic publication, that might never have happened. CG: Yeah, well, I mean, that's obvious. You look at magazines like 2600 and just because they're black letters on a white page instead of white letters on a black screen, they get away with a lot of stuff. They get threatening letters from Bell Cores. They like to publish them in their magazine, but they haven't been taken to task for any of that. You don't see them in any sort of court for this and the mere fact that the very document that they are saying was so proprietary was available for $19.95 from the Bell Core order line. That sort of stands to prove that they were just looking for a scapegoat, a figurehead in the underground community to use as an example for the rest of the people to say, "Well, we ll take down Phrack. That'll show them. That'll scare them." It's the same kind of thing that they tried to do with The Legion of Doom. They said, "Well, we took down the Legion of Doom." I heard it from one person, you know, you cut off the head, the body will die. It's like, AT&T or somebody had somebody map out the computer underground, they had Phrack magazine in the middle of a hub and the Legion of Doom above that; arrows going and pointing out how the computer underground networks together, and obviously, these people think there's a little more structure to it than there is. They don't realize that it's complete anarchy. I mean, no one's controlling anybody else's actions. To set out one example and hope that everybody else is going to learn from that one example is ludicrous. GA: What sort of problems do you encounter publishing it? CG: It takes up a lot of my time, my spare time, which is growing incredibly smaller and, I mean, I've overextended myself on a number of projects and since I've definitely got a commitment to Phrack, it's one that I can certainly shirk if I decided to since I'm not indebted to anybody to do it really. I'm not going to pass it up because I really want to make sure it continues to be published. That's the biggest problem I face, time. Then there are people who say, "Oh, I'm going to send you a file on this," and they don't. You know, thanks a lot. And I always rag on those people. In fact, in the beginning of Phrack 44, I said, "Yeah, and for the people who said they're going to send me a file and didn't, you know who you are, and you always have to live with your own guilt." I mean, it's typical hacker stuff. "I'm going to do this." And they start it and they forget about it. GA: It's funny though because I've had incredible cooperation from those people; more than I've had from any other community that we deal with. Do you think it's because I'm a girl or because it's on paper? CG: Well, it might be a little of both. The kind of files that go in Phrack, I don't think Gray Areas is going to publish. You know, how to use the Role 9000 CBX, or here's how to hack system 75's, or secret sectors and units, or publish C programs. You get a different type of thing. Maybe there are people who feel a lot more comfortable writing cultural type pieces or special interest pieces than they would writing technical stuff. And to try to compensate for that. I've put in a lot more stuff in the issues that I've been dealing with, to deal with the culture. Like I started something last issue trying to get people from different countries to write about what it's like in that country. And I had a file in from Ireland; I had a file in from Germany; I had a file in from Canada. This issue I've got another one from a different part of Canada and I've got one from Sweden and I'm waiting on a couple of others. Because, as the computer underground goes, it's, people like to have this idea that it's this closely knit thing of all these hackers working together, and see how they're trading information. But it's not. I don't know anything that's going on in other countries except for what the few, select people from those countries who hang out in the same areas that I do tell me. But there's so many people and so many countries doing things. They've got their own little pirate wares, trading scenes, they've got their own little virus scenes, they've got their freaking things. Stuff that works on their own system, only works in their country; and they have their own secret ways of doing things, and their own networks that they like to hack, and they all hang out on certain deals and they have their own little lore about the busts, or super hackers from their country, and that's the kind of stuff that's just great to find out. Because, otherwise, you would never know. And it's really, really interesting to read what these people are up to and no one names names. They're just talking about what it's like to be a hacker in their country, and that's the kind of cool stuff that I want to continue to do. ======================= GA: I suppose we should get into your background and how you became qualified to run Phrack. CG: I don't know if it's a qualification to run Phrack... GA: Well, obviously, there are an awful lot of people who could have been considered but weren't. CG: Yeah, well, I guess so. GA: What sort of stages did you go through? From the time that you first discovered computers and so on until today? CG: I kind of went through an exponential learning curve from the very beginning and it plateaued out for a while and it's just been a steady growth since then. At least I tried to maintain that because there's so many new developments that come out and I try to stay abreast of everything that's going on. I started messing around with computers a very long time ago. For any number of reasons, I always have problems trying to place the exact date. GA: What sort of computers were there? That dates it a little. CG: Well, the very first computer I did anything on with a modem was an Apple II, and a micro modem II. It was a friend of mine's dad's. He was a lawyer. He got it so he could get on Dialogue, because it was like the brand new service for lawyers. They could go on and look up legal briefs and it was all exciting. So, this friend of mine was showing it off, I guess maybe 5th grade, 6th grade, somewhere around there? A long time ago. And, in order to get on Dialogue, you had to dial this special number. Well, we got on, followed the instructions, got on Dialogue, looked at it, said, "This is really cool." And we noticed that, "Well, gee, in order to get on Dialogue, you have to dial this number" which was 415 something. Well, what happens if you type in a different number? So we typed a different number somewhere else. And, that was sort of it. We spent the vast majority of that night trying different addresses on Telenet and actually got into a system. And, this was the first time I had ever been on a modem and, I mean, it was just natural. We were like, wow! We didn't have any concept of what a network was, we couldn't imagine what this meant. The concept of being able to call one little number and connect to computers around the entire country was so mind boggling, so strange to us that we were sucked into it. As a little bit of background to this, I had already been messing around with telephones before this and this is a ridiculous story that a lot of people give me a lot of s--- about but, I mean, I don't really care. A friend of mine and I had stolen a dirty magazine from a convenience store and rifling through it, it was like a High Society or something like that. GA: Probably not. There were no such things then. They didn't start until 1975-76. CG: Well, this is back in 1980. I'm not that old. I turned 25 in May, so it wasn't that long ago I guess in the grand scheme of things. But, to me it was a hell of a long time ago. So anyway, we had stolen a High Society from them and in it, it said, "Call this number right now." It was 212-976-2626 or 212-976-2727, a brand new service. I said, "We got to call that number. We can't call that number, that's a long distance number, we'll get in trouble." It was like, "No, we gotta call that." So, we went back over to his house, and his Mom works. She was working, it's funny, she was actually working at Datapoint. She was at work, it was the summer, so we got there and dialed it up, listened to if for, like you know, some phone sex recording. Wow! You're a little punk kid, of course, that's just great to hear some crazy recording like that. We hung up after it was over and were like, "Man, that's great. We're going to have to call that other one. No we can't call the other one. He says, "Well, actually maybe we can, but if we're going to call it, we need to use this thing that my Mom's got." What thing? He said, "Well, it's this thing that's supposed to make her phone bill cheaper." And, it was a company that started up way back then called LDS. It was a Watts re-seller and they had a local dial-up number, you call up and you gave the operator who answered the phone a code, you read it out to her and she connected the call. I think at that time it was a four or five digit code. So we called up, gave it to her, gave her the number, the call went through. So, next time you call her back, give her someone else's number. Goes, "nah." So we called up, added ten to the number we had and placed the call. It was like, "Well, that's really cool." And it's funny that I've done that prior to doing anything on the computer because shortly thereafter, after being on the computer and discovering networks and after that, discovering bulletin boards, it became readily apparent to me how the marriage of the two was inevitable because there was no way in hell I'd be able to call a bulletin board any place other than down the street and not get beat to death by my parents for raking up very large phone bills. And after that, it kind of just shot up exponentially like I said before. From such humble beginnings. ======================= CG: Which connected, at the time, I think now they have limits as to how many people. At the time, it was basically unlimited. You could take as many people as you wanted on your conference. And they had a lot of different features that they don't have now. Like, you could transfer control. And we used to do all sorts of ridiculous stuff. One of my favorite tricks was to call up Directory Assistance and, at the time, I don't think they do this any more, I haven't really bothered to check in about five years, but at the time, Western Digital who made all the automatic call distribution systems for Directory Assistance since they were still the Bell system; they had a feature in there that would send it into a test mode. If you called up and just as the ACD system kicked in, it started to cue a call for the next available operator if you held down a D tone. A lot of your readers might not know this, but on a standard touch tone phone, there are really four rows and four columns and not three rows and four columns. There's an extra column that's left out and that's A, B, C, and D. Well, I had a phone that had A, B, C, and D on it. There's a number of different ways to build a tone generator, they'll do that and a lot of modems will make those tones or what have you. But, anyway, there was a trick at one time by holding down the D tone, if you called Directory Assistance, it'd throw the ACD into its maintenance mode. And, one of the features on this was to do a test of a circuit by establishing basically a loop so, if someone would call, hold down a D, get thrown into the maintenance mode, get the 5 key, they'd get onto one side of the mode. Someone else could call back in, hold down the D key, hit 6, get on the other side of loop, and then you could talk. Well, I used to call Directory Assistance from the conference, hold down the D key, hit 5, add that into the conference, the loop, transfer control to Directory Assistance and then call back in on the other side of the loop and then take control of the conference that way. So, if any of the test people who were working on the software for Alliance and working on getting the bugs worked out of everything, if any of the engineers would go back to look and see why these circuits were active and they'd look to see who was running control of this conference, they'd see it was Directory Assistance and it really used to confuse the hell out of them. We got a great deal of mileage out of that because, you know, I don't really think they knew how, but somehow it kept going. But anyway, on these conferences, I got hooked up with a group of really, really, really, really smart people and by sitting and talking with these people, and learning what they knew, because like I said before, everyone was really open and everybody wanted everybody to learn. If more people were working on a project, everybody had a better chance of learning and succeeding then if just one person decided to hoard it all to themselves. >From being on these conferences and talking about to all of these people and sharing information with all of these people, I was eventually asked to join a group that was being formed at that time and it ended up being called The Legion of Doom. GA: How did it get called Legion of Doom? Who named it? CG: I don't know. The person whose idea it was to start the group, his handle was Lex Luther and from the DC Comics, Lex Luther's infamous group of anti-heroes was The Legion of Doom, so it was pretty a natural choice. A lot of stuff has been attributed to it lately, such as it being a sinister type name. Well, Lex Luther couldn't possibly have called his group anything other than the Legion of Doom. Anybody who has every read a Super Friends comic knows that's exactly what it was called. As The Legion of Doom continued on in its growth and its endless quest of knowledge about different operating systems and networking technologies and phone systems and everything else, the reps of everybody involved in the group sort of kind of sky rocketed because everybody by us all working together, we had a better resource of knowledge to provide the people and by continuing to do so, everybody, I guess, built up a sort of respect for the group and some of it has even lasted to today, even though the group is no longer around. A lot of things that it affected still linger on in the community. GA: There's been a lot of debate about who was in that group. Seems like everybody in the world wanted to be. Ha, ha. So many of the hackers I meet say they were. CG: There are always going to be people who want to run around and say, "Yeah, I was in the Legion of Doom." And I know everybody who was in it. I've got a list of everybody who was in it and written about everybody who was in it. We all know who was in it, so it really does not make any difference. If some joker off the street is going to come up and say, "I was in The Legion of Doom," who really cares, you know, what's it going to get him today? It doesn't mean anything, because the group is not around anymore. Um, if they know something, well, their knowledge alone should speak for itself and should not have to relay on the name of some group that does not exist to try to perpetrate some sort of false image to other people, so it really doesn't happen that often. We see people like Ian Murphy, for instance. I've still got newspaper articles with him in it saying that he was in Legion of Doom, and in fact, he has told some people, and some business acquaintances of mine, I guess in some desperate attempt to generate revenue, that not only was he in Legion of Doom, but he founded it, ha, ha, so, that's nice and he can continue to delude himself in a lot of things. If anybody wants to live in delusion, well that's their right, I suppose. It doesn't mean anything to me. GA: Isn't there a new Legion of Doom now? CG: Well, I really don't want to get into that too much. There was a young Canadian fellow who decided that it might be a good idea to start the new Legion of Doom and within like say an hour after that got posted to the Net, we were on the phone with him, telling him what a bad idea that was. It was myself and Scott Chasin who called him up first and he said, "Well, I think The Legion of Doom was a real important thing for the community and I just want to see it continue" and this and that. I said, "Who are you to come out of nowhere and think that not only do you have enough knowledge to say that you could have been associated with The Legion of Doom, much less to usurp the name? The name is dead, we put the group to rest and we want it to stay that way. He said, Well I'm not going to change it and as soon as you see the type of journal I put out, you will be really impressed." I said, "If your magazine is good, it will stand on its own merit and you don't need our name." He said, "Well you retired the name and that means it's fair game for anybody else." Okay, well so there is no talking to this guy, so I said, "Well I want to tell you this Cameron, Scott and I are the first to call you, there will be many others. We are the nicest. It's not going to be pretty for you and I just want you to know that." And let's just say there is no more New Legion of Doom. It was kind of an interesting experience for everybody because it did get a lot of the members back in contact with one another. A lot of us had gone our separate ways. The members grew older.The group was founded in '84 and here it is almost '94, I mean that's a long time for, you know, a bunch of people to stay in contact, regardless of whether or not it was for some silly little computer group to form a net. So it was nice to catch back up with a lot of people. It's really refreshing to see that damn near everybody who was ever involved in the group is doing very well for themselves in their chosen careers or professions, or graduating with high graduate degrees, Ph.D.s, Master Degrees, and things; it's certainly not what one would expect from the world's most infamous hacker group, but that certainly is what happened. But, you know, the whole Cameron Smith New Legion of Doom thing, it didn't accomplish anything for him, but it certainly did accomplish something for us. It got a bunch of us back together again. I don't want to sound grateful to him for it, but it worked out pretty well. GA: How did The Legion of Doom originally break up? CG: Well, The Legion of Doom kind of went through three different waves. You can kind of chart the history of the computer underground, it sort of runs parallel to the history of The Legion of Doom, because you can see as the new members came in, that's when all the busts happened. People would either get nervous about the busts and move on and go to college and try to get a life, or they would be involved in some of the bust and some of them would leave that way. So it kind of went through three different membership reorganizations. You can tell who came in where because of what was going on. It finally kind of folded. I had talked to a bunch of members somewhat recently, within the past three or four years and I said, "Well maybe we ought to try to do something, we need to get some more members in and try to work towards a different end." At the time, there was still the infant of an idea about going into consulting by building together this last insurgence of Legion of Doom. I talked to several people and wanted to try to track down newer people, so I talked to the members who were still active and asked are you still interested in doing this again, because we've got some other things that we want to try to focus on and as stuff starts to progress, something might come out of it. I'm doing something with some other people, and we got people who are experts in different types of fields, and we were talking to people who are experts in mainframes, in telephony, in Unix, and all sorts of different stuff and as that started to progress, we got a bunch of people in the last new membership drive for the group, did a few things, and as that started to go on, most of my main focus started dealing in with a few people from the last insurgence about trying to form this consulting company, which ended up being Comsec. We finally decided that's what we were going to do and we were serious about it, we said okay well then maybe we should just dissolve the group, because if we are going to have Comsec, we don't need Legion of Doom, 'cause this is what we want to do. Instead of spreading the knowledge around the net in the form of text files free, we were going to spread the knowledge around the corporate world for money. It really was a logical progression to us, because, you are not going to be 35 years old and still trying to break into the systems somewhere; the thrill doesn't last that long and if it does, well, you need to get a life or a pet or something. There is no reason why someone who even has an inkling of maturity, not to say that I do in the least, should be wasting away their life gathering up how many university systems they broke into. So after we finally made the formal decision, we talked to some people and said well, we were just going to say goodbye to the group. Everybody who was still active or interested from the group was like look, you know, when this thing takes off, we want all of you to be there. When we need more consultants, you're the best, and everyone was all up for it. That's what happened. GA: Let's stick with The Legion of Doom for awhile. What was the relationship between The Legion of Doom Technical Journals and Phrack and Phun? CG: Well, it's kind of funny. Originally, I think this was something that Craig and Lex had done. Originally, there was going to be a Phrack issue that was going to be the Legion of Doom Phrack Issue. It was going to be Phrackful, nothing would follow us but Legion of Doom members and it went on and on and on. I guess Lex had collected enough files, he was like, "I don't want to give these to Phrack." So, he stuck them together in the Legion of Doom Technical Journals, since it was all Legion of Doom stuff anyway, might as well go ahead and put it out ourselves. And I don't know if that was something personal against Craig, I really doubt it because Craig and Lex have always been friendly enough. I just think that is something he decided to do. From that there were three others published, so there was a total of four Tech Journals. They didn't come out in any sort of organized order, they just sort of came out when they wanted to come out. It was like they were done when they were done and they appeared when we were finished and that's why there were only four for a group that was around for so long, but they were fairly timely when they were all released and I guess everybody really appreciated the kind of knowledge that was in them when they came out. Looking back, I don't know how much interest someone is going to get on how to hack Tops 20. I d like to find the Tops 20 right now. It doesn't exist. So the knowledge that was in those things is fairly dated, but at the time, it was very timely and people appreciated it. ======================= GA: You were busted in 1990, right? CG: Nope. GA: How did that go down? CG: On March 1 1990, I was raided by the Secret Service, but I wasn't busted. There is a big distinction there. Just because they came in my house and dug through my stuff, that doesn't mean anything happened. Let me give a little preface to that. Several months prior, I received notification from the University of Texas that my school records (specifically mentioning my computer accounts) were being subpoenaed by a federal district court judge in Chicago. I knew very well that was the district that William Cook was in, so I trotted on down to the Dean's office at the University of Texas and said, "Hi, I understand my records have been subpoenaed. I need a copy of that for my lawyer." So they ran me off a copy of it and sure enough there's William Cook's name. So, okay, I was right, and I went home and vacuumed the house and cleaned everything up nice and neat for them, started placing little notes in various places. I had little notes that said, "Nope, nothing in here," put that in a drawer and a little note that said, "Wrong, try again," put that in there and little things everyplace that someone might look to try to find the secret hacker notes. I printed out a copy of the 911 document, nice laser printed copy, laid that out and fan folded it over my desk. I went down to the Federal Building, picked up brochures on how to became an FBI agent and a Secret Service Agent, set those out on my desk. I got a printout of several different things, laid those out all nice and neat, had some Phrack issues, I had some messages off of the Phoenix Project, I had all this stuff laid out. It looked like a little alter, a shrine to the FBI. Well, sure enough a couple months later, there they were. And I also put some notes on my computer account at UT. I made some really large files, like cordons and named them dot master, dot password, dot zip, just stupid names, you know that tack ID's, and left these sitting in my account. All this noise. And then I made this one that said, "Secret Info." If anybody would have bothered to read that, it was like a 10K file of me saying, "Anybody who would take the time to search through my files and try to find illegal information is a complete scumbag." Sure enough when they came to visit my house that morning, I woke up to the sound of people running up my stairs and their screaming, "Federal Agents - warrant," then they came in my room, "Out of the bed." Leading the pack is Special Agent Tim Foley, and he's got his service revolver out, and he's got it pointed at me. He's a pretty big guy and I'm me. I don't present a menacing figure to most and especially at 6 in the morning in boxer shorts, ha, ha. It just looked like I'm going to jump right out and start ripping peoples' heads off, so he quickly put his gun away. Nonetheless, he did have it drawn. I like to point that out. Hackers are a notoriously violent group of people who are known for their physical prowess, so guns are definitely always necessary. (said sarcastically) So, they ordered me downstairs and held me in the kitchen. I immediately said, "Let me call my lawyer," and they said, "You'll get your chance." So, they started going through all my stuff. I heard them up in my room, rifling all though my drawers and about an hour or so later, one comes down and hands over one of the Secret Service Brochures that I had. He says, "So, thinking about joining up?" I said, "Well, I think I could probably do better than some people." He didn't like that remark. He said, "Well, I think our requirements are a little more stringent than to let in the likes of you." I said, "Well, it shows." He didn't like that very much either. I said, "So, what's your degree in?" He said, "Well, I'm not going to tell you." I said "I'm just making conversation." So they continued on in the search of my house and when they found absolutely nothing having anything to do with computers, they started digging through other stuff. The found a bag of cable and wire and they decided they better take that, because I might be able to hook up my stereo, so they took that. I have an arcade size PacMan machine, which of course, one of the agents decided was stolen, because a lot of people slip those into their backpacks on the way home from school. So they started calling up all the arcade vendors around town trying to see if this had indeed been stolen. The thought of me wheeling an arcade size PacMan machine down the street, just didn't occur to them. So, finally, I said "Look, I bought it, here's the guy, call him." So they finally gave that up, so then they started harassing me about some street signs I had in my house. I had a Stop sign. I had a No Dumping sign over the toilet. "You need to get rid of those, it's state property, if we come back here and you have those, we are taking you downtown." I go like, "Okay." So then they started looking for drugs, and one guy is digging through a big box of, like a jumbo family size deal of Tide we bought at Sam's, it was about three feet tall and it was one of the monster size things. This guy is just digging through it, just scooping it out, his hands are all turning blue and sudsy from digging through this detergent and Foley walks over to him and says, "Well, I think we can safely assume that that's laundry detergent." So, Foley comes back in to where I'm sitting in the kitchen and I've been freezing my ass off, so they had let me get a jacket, and put on some jeans, and he says to me, "Well, I want to show you something." He whips out some business cards that I had printed up for SummerCon a few years ago, that said, "Erik Bloodaxe, Hacker." It had a little treasury logo on it and he says, "Impersonating a Federal official?" "Well, it doesn't say anywhere on there, 'Chris Goggans, Special Agent.' It says, 'Erik Bloodaxe, Hacker.' Whoever this Erik Bloodaxe character is. It might be me, it might not. I'm Chris Goggans and that says, Erik Bloodaxe, Hacker. Just because the seals there, it doesn't mean anything." He says, "Well, if you don't tell us everything that there is to know about all your higher ups, we are going to be pressing state, local and federal charges against you." I said, "On what grounds?" He goes, "We want to know everything about your higher ups." Which I'm thinking, gosh, I'm going to have to turn in the big man, which is ludicrous, because there is no such thing as a higher up, but apparently they thought we were a part of some big organization. So, I said, "Well, I'm not saying anything to you, I'm calling my lawyer." And I already had told my lawyer previously that I would be raided shortly and that I would be needing to call him. So I called him and said, "Hi, this is Chris and the Secret Service is here and I'd like you to speak to the agent in charge." And he said that my client declines any sort of interviews until such a time that I can arrange to be there to represent him in an official capacity and I'll need your name and I need all the information. The agent said, "We will be in touch." And that was it. They gathered the bag of wire and the printouts of the 911 document, how to be an FBI agent, the printouts of the Phoenix Project messages, and they trotted on off. As they were walking out the door, one of the guys kind of looks over at my television set and he says, "Hey, why is that video game plugged into the phone line?" And it was kind of like a Homer Simpson, cause Foley trots over and I had a 300v terminal, which is what I had been using to get on bulletin boards with. It was plugged into the phone. It was a little membrane keyboard box. All it was was a modem. So they bundled that up and stuck that in there, and they went on their merry way, and I followed them out to the car, and wished them well, and wrote down their license plate, and went back into the house, and got into my car, and went driving around calling up everybody else around town to see if anybody else had been raided. GA: Had they? CG: Yeah, at the same time as what was going on in my house, the house of Lloyd Blankenship was being raided, The Mentor, as well as the office place of Steve Jackson Games, where Lloyd worked, which ran into a huge fiasco later on down the road for these hapless agents, but that's an entirely different story. ======================= GA: Did you ever do any malicious hacking? CG: No. To be honest, there were a couple of times I actually considered such a thing. At one point in time, we had access to South African Government computers, like South African Treasury, things like that and we were thinking, should we take it down? Nah, we better not do that, can we just change the message of the day to something like some anti-apartheid statement, some sort of politically correct thing. It was all a big joke to us, we certainly weren't thinking about that, we just figured it would really piss them off, but we never did it. When the Russian x25 network went up, we were right there on it. They can't bust us for hacking Russia, I mean, who would? What were they going to say? It's like, "You should hack them, because they are our enemies, well maybe you should hack them," so, we were just going after the Russian network pretty hardcore. Malicious hacking pretty much stands against everything that I adhere to. You always hear people talking about this so called hacker ethic and I really do believe that. I would never wipe anything out. I would never take a system down and delete anything off of a system. Any time I was ever in a system, I'd look around the system, I'd see how the system was architectured, see how the directory structures differed from different types of other operating systems, make notes about this command being similar to that command on a different type of system, so it made it easier for me to learn that operating system. Because back then you couldn't just walk down the street to your University and jump right on these different computer systems, because they didn't have them and if they did have them only several classes would allow you access to them. Given the fact that I was certainly not of college age, it wasn't really an option. You didn't have public access to systems. All you had to do was call up and ask for an account and you'd get one. So, the whole idea of doing anything destructive or malicious or anything even with malcontents using computer systems to track information about people or harass people, that just goes against the grain of anything that's me. I find it pretty repulsive and disgusting. I am certainly not blind to the fact that there are people out there that do it, but obviously these people have a s---ty upbringing or they are just bad people. ======================= GA: How about books that have come out about hackers? CG: Well, I'll take a stab at that. The Hacker Crackdown I found to be a very schizophrenic piece of writing. I still to this day have not read it completely. I found it very hard to follow and I was there. It is very hard for me to read that book and follow the chronology. Everything is on the money and he did a very good job of making sure the facts were correct, but it's just hard for me to read. Maybe that's just a criticism of his writing style. Approaching Zero, I didn't really care for that too much, more specifically because they just basically out and out called me a traitor and said I was keen on selling secrets to the Soviet Union. Maybe you ought to ask the IRS about all that money I got from the Soviet Union, because I haven't seen it, but I'm sure I'll be taxed on that too. But I found that rather disgusting and after that book, I actually had a conversation with one of the people who was writing the book. A guy named Brian, actually called us up at Comsec and I talked to him for about 30-45 minutes about things and next thing I know, nothing we really said ended up in the book. A bunch of people were misquoted, left and right. All the stuff about the American hacking scenes, off the mark. People were quoted as saying stuff that they never said, things supposedly from bulletin boards that were not on bulletin boards. I don't know where this information came from, but it's really just off the money. I guess if you know something so intimately, you are always going to be critical of anything someone says about it because they don't know it as well as you do, so you are always going to find fault in something. So maybe I'm just being overly critical. ======================= GA: While on the subject of Comsec, you have said that you have gotten bad press. From where? CG: Well, I think an article saying that I have been arrested in the past for breaking into Bell South, or books being published saying myself of The Legion of Doom destroyed the 911 Network in nine states just to see if we could do it. Things like that which are just out and out lies. I'd say that was pretty bad press. GA: Did Comsec fold because of personality problems, or a lack of business? CG: Comsec folded for a number of reasons. The press aspect weighed heavy. We were basically blacklisted by the security community. They wouldn't allow me a forum to publish any of my articles. It essentially boiled down to, with the trade magazines, at least, they were told by certain members of large accounting firms that they would pull their advertising if they associated with us, and when you are a trade magazine that is where all of your revenue comes from, because no one is paying for subscriptions and they can't afford that loss. They were more interested in making money then they were in spreading the gospel of truth in security. But hey, it's a business, I guess you have to take that. I had speaking engagements pulled. A head of a very large security association promised me a speaking engagement and then decided to cancel it and didn't bother to tell me until a month before the conference. I talked to him and he said, "Oh, well I should have called you." This is like one of the largest security associations in the country and the second largest. So we had that kind of treatment. Some of these conferences, since we were not speaking at them, we could not really justify spending thousand of dollars to fly out there and attend. We were cut off from a lot of things and since we did not have a presence at these conferences, a lot of our competitors used this to target the companies that we were marketing. You would have these MIS directors from large oil companies out there, and you would have other people going up to them and saying, "You're from Houston. You are not dealing with those Comsec folks, are you? Well, you know that they are nothing but a bunch of crooks out there." So, one very large oil company, we had already had all of our paperwork passed though all of their legal departments and it was just waiting to be signed; it had already been approved and money was allocated in the budget and we were ready to rock. This would have meant a large amount of money over a period of several years. Well from going though all of these friendly happy negotiations and papers ready to be signed, to XYZ oil company does not do business with criminals, Click! Who talked to this guy? Who feed him this nonsense? Well, we got a lot of that, certainly that weighed heavy. The fear that came from companies like DeLloyd Touche.I will single them out especially because some of their larger consultants were very vocal in speaking out against us, in the very forums they denied us. They used the magazines as a place where one particular consultant said something like, "Can we lie down with dogs and be surprised when we get up with fleas?" I mean, I don't deserve that type of commentary. I don't think anybody does. It is certainly not a mature attitude for somebody who is supposed to be an upstanding ethical consultant to use a trade publication to vent his frustration against his competition. But, hey, it's a free market and if he has a forum and they gave him a column, well I think he can write whatever the hell he wants. Sure, I was in The Legion of Doom. I have been in everybody's system. But I have never been arrested. I have never broken anything, I have never done anything really, really, criminally bad. There is a difference in doing something illegal, you like walk across the street at the wrong place and you are committing a crime, but that does not make you a criminal, and there is a big difference between different types of behavior. By all these different forces saying so many negative things about us, we had our work cut out for us. To be honest, they had us beat. They had the deep pockets. They could wait us out. They could keep saying bad things about us forever. They had hundreds of millions of dollars so that even if they weren't making money they could sit on it. We didn't. Eventually we could not do it any more. I had overextended myself. I sold off all my stock, all my personal stock. I had a bunch of stock in energy companies and things like that, that was in the past supposed to be paying for my college education, and I gambled it away on Comsec and I ran out of money. I needed to eat, I needed to get a job, I had to move, I couldn't afford it anymore. And everybody was basically saying the same thing. Scott didn't have any money, Rob didn't have any money, our sales guys were getting really antsy because they were having a real hard time closing sales, so we just had to shut down. ======================= GA: Any thoughts on where technology is going and how hacking might change in the next couple of years? CG: Well, like I said earlier, the Internet is a very scary place with a very, very limited set of knowledge. One person could take down a majority of the network and for so much trust and need to be placed in a network that is so inherently unstable because of the protocol that drives it. I mean you don't plan a trip across country in a 1957 jalopy! You go out and get a new car, or you rent a good car, you don't put all your trust in something that ain't gonna work. And it works well enough for a lot of things, but for people to trust their entire enterprise network to stuff over the Internet, they are asking for trouble. And as people become more familiar with the entire protocol sweep, they are going to find out that there is a world of hurt about to happen, and in the next few years, people are going to be real surprised when stuff starts going down like crazy. That's going to be the biggest thing to happen. I would imagine that all the cellular problems are going to disappear because the advent of digital caller is going to remove all this problem. A lot of things are going to change. I imagine people, hopefully, will once again get more and more into writing software and doing more productive stuff. With all the wealth of knowledge that is coming out of every community, even in the underground, because people are exposing bugs and people are changing things, so eventually people are going to be able to make all types of systems, robust enough to survive different things. So out of all this turmoil, some good is going to come. And from that, once all the problems have been corrected, people will be able to direct their energies into a more positive thing, like developing applications, writing software and focusing their attention on doing neat, nifty tricks, rather than doing neat nifty stupid tricks, ha, ha. You are going to see some really, really cool stuff that is going to blow your mind and you are going to be able to carry it around in your hand. You are never going to be out of touch anywhere in the world, so, I think that will be very cool. ======================= GA: We should certainly tell people how to subscribe to Phrack, and the prices on the LOD disks. CG: Yeah, people who want information about Phrack can mail me at: Phrack@well.sf.ca.us and for information about the BBS Archive Project mail: LODCOM@Mindvox.Phantom.com GA: Thanks Chris! G: Thank you. ------------------------------ Date: Sun, 23 Oct 1994 22:51:01 CDT From: CuD Moderators Subject: File 2--Cu Digest Header Information (unchanged since 23 Oct 1994) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send a one-line message: SUB CUDIGEST your name Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (203) 832-8441. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893; In ITALY: Bits against the Empire BBS: +39-461-980493 In BELGIUM: Virtual Access BBS: +32.69.45.51.77 (ringdown) UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/ ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ uceng.uc.edu in /pub/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/cud/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) JAPAN: ftp.glocom.ac.jp /mirror/ftp.eff.org/Publications/CuD The most recent issues of CuD can be obtained from the NIU Sociology gopher at: tk0gphr.corn.cso.niu.edu (navigate to the "acad depts;" "liberal arts;" "sociology" menus, and it'll be in CuDs. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #6.94 ************************************