Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker (27 page)

Read Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker Online

Authors: Kevin Mitnick,Steve Wozniak,William L. Simon

Tags: #BIO015000

BOOK: Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker
13.86Mb size Format: txt, pdf, ePub

The first calling number was one I recognized: it was the phone number on Eric’s rental application, which I already knew was listed in the name of one Mike Martinez. Once again, this was a huge red flag. I had thought “Martinez” was just a phony name for Eric, or “Eric” was a phony name for Martinez, but now that didn’t make sense, because Martinez wouldn’t be calling his own pager number.

So whom else had Martinez called, and who had called him?

I ran a search on PacTel’s CDRs to find out. It wasn’t any revelation that he was calling the FBI, since I had stumbled on that information after I got his phone number from Eric’s rental application. Quite a few of his calls were to and from other cell phones provisioned by PacTel; on my notepad, I jotted down the numbers. Then I started examining the phone records for each of those accounts.

All of the numbers on my list belonged to people who were in frequent contact with one another, as well as with the FBI’s Los Angeles office and other law enforcement agencies.

Oh, shit. I knew too many of these phone numbers. The office number and cell phone of Pacific Bell Security’s Terry Atchley. A manager of Pacific Bell Security based in Northern California, John Venn. Also Eric’s pager, voicemail, and home phone numbers. And the numbers of various FBI agents (their direct phone numbers all began with the same area code, exchange, and first extension digit: 310 996-3XXX). This last
group made it pretty certain that Martinez was an agent himself, and helped me put together a list of the other agents probably on the same team.

The other call to Eric’s pager that jumped out at me had come from 213 500-6418. My search of that phone number proved to be a goldmine. There were quite a few short calls in the evenings to a single, internal FBI phone number. Likely explanation? The guy was checking his voicemail.

I dialed the number.

“This is Ken McGuire, please leave a message.”

Who the hell is Ken McGuire, and why the hell is he after me?

I hit the “0” button, expecting it would take me to a receptionist.

Instead a lady came on the line and answered, “White Collar Crime, Squad Three.” A couple of innocent-sounding questions and I had another piece of the puzzle: Agent Ken McGuire was on the Los Angeles FBI squad referred to as WCC3. He was probably Eric’s handler.

This had become a fascinating adventure. By the end of my lengthy traffic analysis, I had put together a list of people at the Bureau who were in regular close contact with the agents and support people I now figured were trying to take me down.

Shit!

Who else would’ve had the balls to investigate the FBI at the same time the FBI was investigating him?

It was all coming together, and it was looking like stormy weather ahead. I felt I was past the point of no return, but I wasn’t going to give up without a struggle.

NINETEEN
Revelations
 

Rcvo dn ivhz ja ocz omvinvxodji oj adiy v kzmnji’n njxdvg nzxpmdot
iphwzm pndib oczdm ivhz viy yvoz ja wdmoc?

 

W
e’re told that our medical records are confidential, shared only when we give specific permission. But the truth is that any federal agent, cop, or prosecutor who can convince a judge he has legitimate reason can walk into your pharmacy and have them print out all of your prescriptions and the date of every refill.
Scary
.

We’re also told that the records kept on us by government agencies—Internal Revenue Service, Social Security Administration, the DMV of any particular state, and so on—are safe from prying eyes. Maybe they’re a little safer now than they used to be—though I doubt it—but in my day, getting any information I wanted was a pushover.

I compromised the Social Security Administration, for example, through an elaborate social-engineering attack. It began with my usual research—the various departments of the agency, where they were located, who the supervisors and managers were for each, standard internal lingo, and so on. Claims were processed by special groups called “Mods,” which I think stood for “modules,” each one perhaps covering a series of Social Security numbers. I social-engineered the phone number for a Mod and eventually reached a staff member who told me her name was Ann. I told her I was Tom Harmon, in the agency’s Office of the Inspector General.

I said, “We’re going to be needing assistance on a continuing basis,” explaining that while our office was working on a number of fraud investigations, we didn’t have access to MCS—short for “Modernized
Claims System,” the amusingly clumsy name for their centralized computer system.

From the time of that initial conversation, we became telephone buddies. I was able to call Ann and have her look up whatever I wanted—Social Security numbers, dates and places of birth, mother’s maiden names, disability benefits, wages, and so on. Whenever I phoned, she would drop whatever she was doing to look up anything I asked for.

Ann seemed to love my calls. She clearly enjoyed playing deputy to a man from the Inspector General’s Office who was doing these important investigations of people committing fraud. I suppose it broke the routine of a mundane, plodding workday. She would even suggest things to search: “Would knowing the parents’ names help?” And then she’d go through a series of steps to dig up the information.

On one occasion, I slipped, asking, “What’s the weather like there today?”

But I supposedly worked in the same city she did. She said, “You don’t know what the weather is!?”

I covered quickly. “I’m in LA today on a case.” She must have figured,
Oh, of course—he has to travel for his work
.

We were phone buddies for about three years, both enjoying the banter and the sense of accomplishment.

If we had ever met in person, I would have given her a kiss to thank her for all the wonderful help she gave me. Ann, if you read this, your kiss is waiting.

I guess real detectives must have a lot of different leads to follow up when they’re working a case, and some of the leads it just takes time to get to. I hadn’t forgotten that Eric’s apartment rental contract was in the name of a Joseph Wernle; I just hadn’t pursued that lead yet. This was one of the several times while playing detective that I would turn to my Social Security chum, Ann.

She went on the MCS and pulled up an “Alphadent” file, used to find a person’s Social Security number from his or her name and date of birth.

I then asked for a “Numident,” to get my subject’s place and date of birth, father’s name, and mother’s maiden name.

Joseph Wernle had been born in Philadelphia, to Joseph Wernle Sr. and his wife, Mary Eberle.

Ann then ran a DEQY (pronounced “DECK-wee”) for me—a “detailed earnings query,” giving a person’s work history and earnings record.

Huh?…
What the hell!?

Joseph Wernle Jr. was forty years old. According to his Social Security records, he had never earned a penny.

He had never even held a job.

What would you have thought at this point?

The man existed, because Social Security had a file on him. But he had never had a job and never earned an income.

The more I dug into his background, the more intriguing the whole thing seemed to get. It didn’t make sense, which just made me all the more determined to find out what the explanation could be.

But at least I now had his parents’ names.

This was like playing Sherlock Holmes.

Joseph Wernle Jr.—the son—had been born in Philadelphia. Maybe his parents still lived there, or at least somewhere nearby. A call to directory assistance for the 215 area code, which covered Philadelphia as well as, back then, surrounding areas of Pennsylvania, turned up three men named Joseph Wernle.

I started calling the numbers the directory assistance operator gave me. On my second try, a man answered. I asked if he was Mr. Wernle, and he said yes.

“This is Peter Browley, with the Social Security Administration,” I began. “I was wondering if I could take a few minutes of your time.”

“What’s this about?”

“Well, we’ve been paying Social Security benefits to a Joseph Wernle, and somehow the records appear to have gotten mixed up in our system. It seems we may have been paying the benefits to the wrong person.”

I paused to let that sink in and let him squirm a little, so I would have him at a bit of a disadvantage. He waited without saying anything. I went on, “Is your wife’s name Mary Eberle?”

“No,” he said. “That’s my sister.”

“Well, do you have a son named Joseph?”

“No.” After a moment, he added, “Mary has a son named Joseph Ways. But it couldn’t be him. He lives in California.”

This was coming together; now we were getting somewhere. But there was more: the man on the other end of the phone line was still talking.

“He’s an FBI agent.”

Son of a bitch!

There was no such person as Joseph Wernle Jr. An FBI agent named Joseph Ways had adopted a false identity using real family names that he could easily remember. And that agent was passing himself off as a hacker named Eric Heinz.

Or at least, that was the most likely deduction, based on what I now knew.

The next time I tried to call Eric on his landline telephone, the number was disconnected.

Earlier in my hacking career, there had been a point when I had decided it might come in handy sometime to have access to another of the Los Angeles area’s utility companies, the Department of Water and Power, or DWP. Everybody needs water and electricity, so the utility company seemed like an extremely valuable source for finding out someone’s address.

The DWP maintained a unit known as “Special Desk” to handle calls from law enforcement, staffed by people trained to verify that every caller was on the list of people authorized to receive customer information.

I called the DWP corporate offices claiming to be a cop and explained that our sergeant who had the phone number for Special Desk was on assignment, and we needed to get it again. I was given it without a problem.

Next I called LAPD’s elite SIS division. It seemed only fair to include these guys in the fun since they were the ones who had tailed Lenny and me at Pierce College several years earlier. I asked to speak to a sergeant, and I. C. Davidson came on the line. (I remember his name well, since I continued to use it for a long time, whenever I needed information from the DWP.)

Telling him, “Sergeant, I’m with DWP Special Desk,” I said, “We’re setting up a database of authorized people for law enforcement requests, and I’m calling to find out if any officers in your division still need access to Special Desk.”

He said, “Absolutely.”

I started out, as usual, by asking if he was on the list and getting his name.

“Okay, how many officers do you have who need to be on the list?”

He gave me a number.

“Okay, go ahead and give me their names, and I’ll make sure they’re all authorized for another year.” It was important for his people to have access to the information from the DWP, so he took the time to patiently read off and spell out the names for me.

Some months later, Special Desk added a password to its verification process. No problem: I called up LAPD’s Organized Crime Unit and got a lieutenant on the phone.

Introducing myself as “Jerry Spencer with Special Desk,” I chose as my opening gambit a slightly different version of the earlier one: “By the way, are you authorized for Special Desk?”

He said he was.

“Fine. What’s your name, sir?”

“Billingsley. David Billingsley.”

“Hold on while I look you up on the list.”

I paused a bit and rustled some papers. Then I said, “Oh, yes. Your password is ‘0128.’ ”

“No, no, no. My password is ‘6E2H.’ ”

“Ohhh. I’m sorry, that’s a different David Billingsley.” I could hardly keep from laughing. I then had him look up the list of officers authorized for Special Desk in the Organized Crime Unit and tell me their names and passwords. At that point I was golden forever. I wouldn’t be surprised if some of those passwords still worked today.

With this access to DWP Special Desk, it took me only about five minutes to discover Eric’s new address: he had moved to a different apartment in the same building. Lewis and I had shown up at his address, and three weeks later he’s not living in the same apartment anymore and has a new phone number—but he’s in the same building?

And the new phone line is listed in the same name as before, Joseph Wernle. If Eric had really gone into “secure mode,” as he’d told us he was going to do, why the hell would he still be using the same name? This was the guy who was supposed to be such a good hacker? He didn’t seem to have any idea of what I’d be able to find out about him. I was still a long way from unraveling all the riddles, but I knew I had to continue now that I was getting closer and closer to the truth.

TWENTY
Reverse Sting
 

Wspa wdw gae ypte rj gae dilan lbnsp loeui V tndllrhh gae
awvnh “HZO, hzl jaq M uxla nvu?”

Other books

Branded by Scottie Barrett
A Vision of Loveliness by Louise Levene
The Blind Goddess by Anne Holt
The Vampire's Revenge by Raven Hart
Fade to White by Wendy Clinch
Autumn Leaves by Winkes, Barbara
Void Stalker by Aaron Dembski-Bowden
Notturno by Z.A. Maxfield