Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker (24 page)

Eric warned us, “The FBI knows about SAS because they know Poulsen was using it. They’re watching it real closely. They probably have traps on all the numbers.”

In a tone that was almost hostile, he said, “Stay away from it. You’ll get caught if you use it.” If that was just a friendly warning, why so much emotion?

At this point, Eric said he had to take a leak, got up, and headed for the men’s room. It was standard operating procedure for any hacker worthy of the name to possess all kinds of files and passwords on his computer that could get him thrown into jail. If he went out somewhere carrying his laptop, he would never let it out of his sight, not even when leaving the table for a minute or two to hit the men’s. Yet here was Eric, casually walking away and leaving his laptop not only sitting on the table but turned on, like an invitation to check out what we could find while he was gone. Lewis whipped out his frequency counter and waved it slowly back and forth, searching for transmissions. Nothing. The computer was not radioing our conversation to any team of flatfoots or Feds lurking nearby, ready to pounce on us.

I leaned over the laptop and announced to Lewis, “Man, that guy really knows his shit!” What a laugh—I only said it because I was sure there was some kind of tiny recorder planted in it, recording every word. Otherwise he would
never
have left it on the table. Here was a guy so paranoid that for weeks he wouldn’t give us his pager number, and now all of a sudden he was trusting us with his laptop? No way.

I figured he probably had some confederate at another table, watching us to make sure we didn’t just snatch the thing and run. Otherwise he wouldn’t have dared leaving a computer with a ton of information on it that could incriminate him under the control of a pair of guys he was only just meeting for the first time.

When we were finished with dinner and starting to leave, Eric asked, “If you’ve got a car, can you drop me off? It’s not very far.” Sure, I said, why not?

He started out friendly, telling me about the time not long before when he was tooling along Sunset Boulevard on his motorcycle and a car turned left directly across his path. The impact sent him flying over the car; he hit the ground so hard that his leg broke halfway between knee and ankle, with the lower part bent backward at a ninety-degree angle. The doctors and therapists worked on restoring his leg for five months, until finally Eric told them to go ahead and amputate it. But the prosthesis was so good that after physical therapy in rehab, he was able to walk without a noticeable limp.

The story was probably meant to put me in a sympathetic mood. Now he shifted gears and said, “I’m angry about your getting into SAS. After four weeks, you’ve got more information than I do about it.”

I used this to needle him: “We know a lot more than you think, Eric.”

But I was still being cautious, so I told him, “Lewis and I aren’t actively hacking; we just want to trade information.”

As he left the car to go into a jazz club on Sunset Boulevard, I thought to myself that this guy seemed to possess a keen intellect and a quick wit. Despite my suspicions, I still believed Lewis and I might be able to trade information with him at some point down the road.

E
ver since the dinner Lewis and I had with Eric, I’d been thinking about that key he claimed to have that would let him into any Pacific Bell central office. I decided to ask him if I could borrow the key. I wasn’t going to tell him what I wanted it for, but my plan was to get into the Calabasas central office, gain access to the COSMOS computer, and try to find out when the wiretaps had been installed on my father’s lines. And whether there was a notation in COSMOS not to give out any information, or to call Security, if anyone inquired about the lines.

Once we were inside the CO, I’d be able to see what boxes were connected to my dad’s lines and verify the numbers the wiretappers were using to dial in to them. When I had those numbers, I could look them up in COSMOS and find the date the numbers were activated, which would tell me when the wiretaps went in.

About 10:00 one night in February, Lewis and I drove over to Eric’s apartment building at the address I had gotten from Pacific Bell after I obtained Eric’s number using the caller ID ploy. The building was impressive, a pretty upscale and buttoned-down apartment complex for a guy like him—a spread-out, two-story stucco building with a locked entrance and a remote-controlled garage gate. We waited until someone drove out of the garage, and walked in. I could have described the place before seeing it. Carpeted lobby, tennis courts, swimming pool with Jacuzzi, palm trees, recreation room with a large TV.

What was this hacker from the nightclub crowd doing at a complex intended for corporate stiffs, people being put up at company expense while in LA on short-term assignments?

Apartment 107B was partway down a long hall. Lewis and I took turns pressing our ears to the door hoping voices from inside might give us some clues about who was in there. But we couldn’t hear anything.

We found our way to the recreational center and rang Eric’s apartment from the pay phone. I smiled as Lewis dialed his number, amused because any good hacker would know the pay phone numbers in his own apartment complex. If he was as good as he claimed, Eric would have added caller ID on his line and would recognize that Lewis and I were calling from his building.

Poor guy. He was angry that I had found out his phone number and way angrier that we were calling from only a few yards away. We told him we wanted to talk. He said, “I never have hackers up.” He finally told us to give him five minutes and then he would come down and meet us in the rec room.

I was struck once more by how much he looked like a rock musician, with his lanky build and blond shoulder-length hair, his boots and jeans, his dress shirt. He stared at us in disbelief. “You need to respect my privacy,” he hissed. “How did you find me?” He sounded nervous, as if he thought we might have come with guns.

My answer was a taunt. “I’m very good at what I do.” I said it with a big in-your-face grin.

He kept returning to his theme of the day about our not respecting his privacy.

I said, “We didn’t come to violate your privacy, we came to get your help. We think a friend’s lines are being wiretapped by Pacific Bell. You said you had keys to the central offices. I’d like your help finding out.”

The “friend,” of course, was me, and there wasn’t any “think” about it.

“Which CO?” he asked.

I didn’t want to give him details. “It’s a satellite ESS office,” I said, identifying it by the type of switch. “Unmanned at night.”

“The key isn’t here now,” he said. “I don’t want to get busted with it.”

“Can you let me borrow it?”

No, he didn’t feel comfortable with that.

At that point, I confided in him. “Hey, it’s not really a friend. I’ve found out they have intercepts on all my dad’s lines, and I’m scared because I don’t know how much they know. I don’t know who it is or when it started.”

He asked how I knew, and I told him how I’d social-engineered the Calabasas frame tech into telling me. I tried to tell him he could trust me. I was pleading with him and trying to convey a sense of urgency because I needed to do it now. I really wanted to get him to go get the key for me while I waited.

“Eric,” I said, “if I find out they have enough evidence to send me back to jail, I’m going to disappear.” The three of us talked for a while about what countries had no extradition treaties with the United States.

I pressed him again about the break-in, but Eric wouldn’t commit himself, saying he’d let me know. We spent a long time discussing how the phone company wiretapped people. He even told me that he went into the central office himself every week to make sure there was no dial number recorder (DNR) attached to his own line.

He still wasn’t willing to give me the key, but he said he would be happy to take me to the central office and go in with me. Since I didn’t completely trust him, I gave him only one of the three monitor numbers I had and didn’t let him know I had the other ones. It was a kind of a test, to see if he was trustworthy or not.

Finally Lewis and I said good night and walked away.

Whoever had put Pacific Bell up to installing those intercepts could by now have had enough evidence to send me back to prison, so not knowing what the wiretappers had overheard, I was really freaking out, my gut continually nagging at me. Sometimes, afraid to sleep at home, I’d check into a budget motel to relieve my anxiety.

We were going to go in together, but over the next several days, Eric kept giving me excuses about why he couldn’t go tonight, why he couldn’t tomorrow, how he had to work over the weekend. Meanwhile I grew more cautious. His behavior seemed suspicious; I was growing anxious about the risk. I told him, “I won’t go inside, but I’ll act as a lookout.” Finally we picked a date; it was all settled that we would go in the following night.

But the next morning, he called, saying, “I went in last night,” and
gave me the monitor numbers—and I could tell he was giving me the correct ones. He told me he’d looked up the numbers in COSMOS. The numbers had been established on January 27, so the boxes had been hooked up sometime after that.

I asked him how he’d gotten past the padlock on the outside gate. He said there wasn’t any when he got there. But every day, as I drove from my dad’s apartment, I passed that CO, and every day I saw that padlock. This was a huge red flag. Now I was really nervous. Why would he bullshit me about a thing like this, something he knew was so important to me?

I’d have to be even more on my guard with this guy. I just couldn’t trust him.

But the secret of where he lived wasn’t a secret anymore, and he was shaken. The whole episode had only added to the mystery… but I was on the verge of unraveling the puzzle.

N
ow that we had access to SAS, Lewis and I wanted to get the dial-up numbers for all the central offices, so we would have the ability to monitor any phone in Pacific Bell’s coverage area. Rather than having to social-engineer a Pacific Bell employee to give us the dial-up number every time we wanted access, we would have them all.

I had learned from the employee in Pasadena, the guy who read the copyright line for me, how they used SAS. The tester had to manually enter the dial-up number for the RATP for the central office of the line to be tested. The testers had a list of dial-up numbers for the RATPs in all the central offices they managed.

Small problem: How could I get a copy of the SAS dial-up numbers for all the central offices when I didn’t know what the damned list was called? Then I realized there might be a way. Maybe the information was already available in a database. I called the group in Pasadena that used SAS to run tests on a line when a subscriber was having phone problems. I called that group, identified myself as being “from Engineering,” and asked if I could look up the SAS dial-up numbers in a database. “No,” was the answer, “there’s no database. It’s only in hard copy.”

Bummer. I asked, “Who do you call when you’re having a technical problem with an SAS unit?”

Another example of how willing people are to help out somebody they have reason to believe is a fellow employee: the guy gave me the
phone number of a Pacific Bell office in the San Fernando Valley. Most people are sooo willing to be helpful.

I called there, got a manager on the line, and told him, “I’m from Engineering in San Ramon,” the location of the major Pacific Bell engineering facility in Northern California. “We’re putting the SAS dial-up numbers into a database, so we need to borrow a complete listing of all the numbers. Who has a copy of that?”

“I do,” he said, swallowing my story without hesitation, because he was a guy buried deep within the Pacific Bell internal organization who wouldn’t think an outsider would have any way of finding him.

“Is it too long to fax?”

“About a hundred pages.”

“Well, I’d like to pick up a copy for a few days. I’ll either come by for it myself or have somebody pick it up for me. That okay?”

He told me where to find his office.

Again Alex was excited about being a front for me. Dressed in a business suit, he drove over to the Pacific Bell facility in the San Fernando Valley. But the man didn’t just hand him the package, as we expected. Instead he pressed Alex about why he needed the information.

It was an awkward moment. This was in the spring, in Southern California. It was warm outside. And Alex was wearing
gloves
.

When the guy saw Alex’s gloved hands, he looked at him and said, “Can I see your ID?”

Another uncomfortable moment.

Few things in life are more valuable than being able to think on your feet in a situation that would be flop-sweat time for most people.