Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker (23 page)

We’d do this just for fun, just because we could, sometimes twice or three times in a week. After we identified the target’s phone number, we’d call Pacific Bell’s Customer Name and Location (CNL) Bureau, give the phone number, and get the name of the person being monitored. Once we were told the phone was listed to the Honorable Somebody-or-Other. A little research gave me the rest of it: the intercept was on the phone of a Federal judge.

For Lewis and me, listening to wiretaps was a game, a lark. For Pacific Bell Security investigators, it was part of the job. But one of the investigators, Darrell Santos, was in for a surprise. He came in to work one morning, went to have a listen to what had transpired on the intercepts he had placed on my dad’s lines, and discovered that all of the Pacific Bell’s electronic surveillance had stopped in its tracks. There were no audio intercepts; everything was dead. Santos called the Calabasas frame and asked, “Are our boxes still working there?”

“Oh, no,” he was told. “Security from Los Angeles called and told us to disconnect them.”

Santos told the technician, “We don’t do any electronic surveillance out of Southern California: we do it all out of Northern California. So there’s no such thing as Los Angeles Security.”

That night Santos flew from his home base in San Francisco to Los Angeles and reattached all the surveillance boxes himself. To make sure nobody could be conned into disconnecting them again, he hid the boxes in the rafters above the racks of switching equipment.

Much later, in an interview for this book, Santos would recall, “This was a real big deal for us because now it hit home, it was personal. Kevin was listening to
our
calls, when we were in the business of trying to listen to
his
calls. Then he has our intercepts taken down. So it made us really change how we spoke on the phone and the messages we left. And we had to create some new ways to cover our tracks because we also had to protect the integrity of what law enforcement was doing with us, all of their court-ordered stuff.”

Maybe it was just as well that I didn’t know at the time what headaches I was causing them—otherwise I might not have been able to squeeze my big head through a doorway.

And maybe I would have been flattered to know, back then, that whenever anything like this happened at Pacific Bell, I immediately became the prime suspect. According to Santos, Kevin Poulsen had been number one on their internal most wanted list. Once Poulsen was behind bars, the revised list had a new name at the top: mine. The file they had on me going all the way back to my juvenile days was as thick as a big-city phone directory.

Santos said, “There were other hackers out there doing a lot of other things, but my opinion was that Kevin was the one who everyone was trying to emulate. I thought Kevin was the mouse and I was the cat, but sometimes it was the other way around.”

He added, “There were many leads we’d get from corporate security guys in other companies saying, ‘Hey, we’ve got this case, this guy’s getting us, do you think it could be Kevin?’ Every time something would pop up, it was always Kevin they’d suspect.”

As I say, I might’ve been proud to hear some of that back in the day, but just then I was feeling pretty frustrated. So far my talents hadn’t helped me uncover any of Eric Heinz’s backstory. Lewis and I had been going around and around with each other over our doubts concerning him. Sure, he knew lots of stuff about phone company systems and procedures, even some stuff Lewis and I hadn’t been aware of. But A, he wasn’t willing to share much of anything. And B, he was forever asking
those
kinds of questions, the kinds hackers just don’t ask one another: “Who are you working with?” and “What projects have you been doing lately?” and so on.

It was time for us to meet the guy face-to-face and see if getting to know him a little better would put our suspicions to rest. And if he was for real, maybe he could even help me learn when those taps had been placed on my dad’s lines.

S
urprisingly enough, Eric was more than willing to meet us for dinner. We settled on a few days later at a Hamburger Hamlet near West Los Angeles. Lewis and I were both antsy enough about the meeting that he said he would bring along some special equipment designed to ease our paranoia.

We met in the parking lot about half an hour early. When I joined him in his car, he was intently listening to a radio scanner. I didn’t have to ask what he was listening to: the scanner was programmed to pick up all of the frequencies used by the FBI, Secret Service, and U.S. Marshals. And more besides, because when the Feds were dealing with somebody they thought might be wise about technology, they often got tricky and decided to use the frequency of some other agency, like the Bureau of Prisons, or the Drug Enforcement Agency, or even the Postal Inspection Service, among others. So Lewis had those frequencies programmed as well.

The scanner wouldn’t pick up distant signals, only those strong enough to be coming from someplace close. In that era, almost all Federal law enforcement agencies were already sophisticated enough to encrypt their traffic. But we wouldn’t need to know what they were saying, just whether they were saying it nearby. If the law enforcement frequencies started buzzing, we’d get the hell out of there in a hurry.

For now, all was quiet, but just in case, Lewis slipped a couple of interesting electronic devices into his pocket as we got out of the car.

We had agreed on this restaurant because the location was convenient. The Hamburger Hamlet turned out to have a passé decor of mirrors, brass, and tile, which had the side effect of turning conversations in the supercrowded place into a noisy buzz. Perfect, since we wanted to be sure we wouldn’t be overheard by anyone at a neighboring table.

Eric had told us to look for a guy with shoulder-length blond hair and a laptop. Even among all the Hollywood types chomping into thick burgers, we had no trouble spotting him. Thin, wearing a silk shirt left open to show his chest, he looked like a rock musician—or maybe more like a guy decked out to get the standard reaction of “I know that face, but I can’t remember which band he’s with.”

We said hello, introduced ourselves, sat down, and let him know clearly, right up front, that we had no reason to think we could trust him. Lewis and I had each brought along a RadioShack Pro-43 handheld scanner, and we put them on the table in plain sight. Lewis had also brought an Optoelectronics RF Detector—a device designed to detect signals transmitted from a body mike—which he openly waved around over Eric’s body. It picked up nothing.

The whole time we were there, Eric seemed to be intensely preoccupied with scouting the horizon for female companionship, while he told nonstop stories about the fullness of his dating calendar and the details of his sexual escapades. Lewis seemed inclined to put up with and even encourage this braggart litany, but I never have trusted guys who feel the need to paint themselves to other men as ultimate Romeos. It made me wonder if any of the information Eric might give us about the phone companies—our mission’s sole purpose—could be believed, even if we
could
draw it out of him.

Still, at one point—at last—he dropped a tidbit into the conversation that truly got my attention. He claimed he had a master key that gave him access to every phone company central office, left over from the days when he and Kevin Poulsen were making nighttime visits to COs all over Los Angeles.

I was mostly just listening. Because I wasn’t supposed to have any interaction with other hackers, I had told Lewis to do most of the talking for us. Eric bragged about having been a sound engineer on the road, but he didn’t name any of the bands he’d worked for, which I guessed meant they were ones nobody had ever heard of. Then he tried to impress us with
things he had that he was sure we didn’t: besides the master keys or door codes for all the central offices, he claimed he also had a master key for all the “B-boxes”—the phone company boxes scattered along the streets of every city, which field techs go to when they need to wire up phone lines to houses and businesses. It sounded as if he was hoping to tempt us, trying to get us to plead with him, “Could we come along on one of your break-ins?”

Then he started talking about those nighttime break-ins into phone company offices with Kevin Poulsen and another hacker, Ron Austin, to collect information and gain access to internal Pacific Bell systems. And about how he had taken part in that radio-contest phone hack, when Poulsen scored his jackpot win of the two Porsches. And, Eric said, two Hawaii vacations.

Eric said he had gotten a Porsche from that hack as well.

One thing did seem to have the ring of truth: he told us how the Feds had caught Poulsen. They found out he did his grocery shopping at a particular Hughes Market, so they kept dropping by and showing his photo to the staff. When Poulsen came in one day, Eric said, a couple of the shelf stackers recognized him. They tackled him and held him until the cops arrived.

Lewis, who had a need to show how smart he was, pulled out his Novatel PTR-825 cell phone and did a big spiel about how he’d “changed the ESN on this phone.” So Eric boasted about having done the same with his Oki 900, which wasn’t really such a big deal because by that time there was already software available online for that. Then he talked about a ham radio repeater on frequency 147.435, the one I thought of as the “animal house.” Uh-oh, I wouldn’t have thought he’d know about that, and from now on I’d have to be careful not to say anything over the repeater that I wouldn’t want Eric to hear from me.

And then we got on to the major subject of interest: hacking into Pacific Bell. Eric was obviously trying to establish that we should trust him because he had access to every Pacific Bell system.

Okay, I had thought there were very few phreakers—hardly any—who knew as much about Pacific Bell systems as Lewis and I did. Yet Eric seemed to have a knowledge that was at our level. Very impressive.

This one floored me: he claimed Poulsen had broken into the office of Terry Atchley, of Pacific Bell Security, and light-fingered the file on himself… and
the one on me. And he said Poulsen had made a copy of my entire file
that he had given to him as a gift.

“You have a copy of my file?”

“Yeah.”

Even though the file was supposedly lifted from Terry Atchley’s office several years ago, I said, “Hey, man, I really wanna see a copy of it.”

“I’m not sure where it is. I’ll have to look for it.”

“Well, at least give me some idea of what’s in it. How much do they know about what I was doing back then?”

He suddenly became noncommittal, talking around my question instead of answering it. Either he had never had the file or he was holding out on me for some reason. I was annoyed that he wouldn’t tell me anything about what was in it. Yet I didn’t want to push too hard, especially at our first meeting.

The conversation went on, but Eric always came back to asking us what we had going—meaning what hacking we were doing. Uncool. Lewis and I both gave him different variations of “You tell us some of what you know, we’ll tell you some of what
we
know.”

Now it was time for Lewis and me to shock our new wannabe companion right out of his socks. Lewis was playing his role to the fullest. Sounding arrogant as hell, he said, “Eric, we have a present for you.” He took out a floppy disk, reached across the table, and in a typical De Payne in-your-face gesture, shoved it into the drive of Eric’s laptop.

After a few moments of whirring, a display popped up on the screen: a listing of all the protocols for SAS, items like a command such as “;ijbe” that would tell the SAS unit to perform some function like “Report current status.” These were hidden commands, buried within the SAS controller, never known to the phone company test technicians or needed by them, but granting far more control over SAS than even those techs had.

Eric understood enough about SAS to recognize that this list was authentic and something he himself had never had access to.

He looked both shocked and angry that Lewis and I had been able to get hold of something he didn’t have. In a lowered voice, he growled, “How the
fuck
did you get this?” I thought that was odd—why should he be angry? Maybe it was really envy that he was feeling, annoyance that he had only read the users’ manual while we had developer’s documents that revealed many more secrets and powers.

Eric started paging through the document on-screen and could see that it also had all the functional specifications and requirements. He saw it was a rich source of information that would grant any phone phreaker powers he could only dream of.

This was something like a month after he had first mentioned SAS to me in a phone conversation. Even more perplexing, what we were showing him wasn’t a photocopy but an electronic file. I could see the wheels turning: he could not have had any idea of how to do what I had done—getting hold of the developer’s design notes, and, no less, an electronic version of them, which probably didn’t exist anywhere within PacBell.

He demanded again, “How… the…
fuck
… did you get this?”

I told him what we had already said several times: “When you start sharing stuff with us, we’ll start sharing stuff with you.” As I said that, Lewis reached over, ejected the disk from the computer, and pocketed it.