The Hacker's Home: Tracing A Hacker

Wednesday, August 14, 2013

Tracing A Hacker

                                         Tracing A Hacker

*The true story of John Maxfield, electronic private eye.
(Appeared in August 1990 issue of PC Computing Magazine, by Rick Manning).


To Catch A Hacker.

The computer crackers and phone phreaks who visited Cable Pair's cluttered
office one August evening in 1983 must have thought they were in heaven.
    Cable Pair was a sysop for a hacker forum on the Twilight Phone, a Detroit
area computer bulletin board. The forum had become a meeting place for
members of the Inner Circle, a nationwide hacker group that used words and
swap tips on phone phreaking--getting free use of long-distance phone systems.
    Cable Pair's visitors that evening were some of the Inner Circle's most
active members, highly placed in the hacker pecking order.  They had come in
response to messages that Cable Pair had posted on the board, inviting them to
take a guided tour of his headquarters, and they were suitably impressed.
Computer equipment was everywhere.  The sysop's console consisted of several
terminals connected to a remote Hewlett-Packard minicomputer.
    In a back room was a bank of electromechanical telephone switches--old
stuff, but enough to run a phone system for a small town. Cable Pair even had
an official Bell version of the infamous "Blue Box," a device that sends out
the precisely calibrated tones that unlock long distance telephone circuits.
demonstrate the magic box, he keyed in a 2600 cycle per second tone and was
rewarded with the clear whisper of AT&T's long distance circuit.
    Then like jazz players in a jam session, group members took turns showing
what they could do. One tapped into AT&T's teleconfrencing system. Another
bragged about how he once nearly had Ron Reagan, Queen Elizabeth, and the pope
on the same conference call.
    One hacker's specialty was getting into Arpanet, the advanced research
network that links universities and government agencies, including defense
research centers. "The Wizard of Arpanet sat right there at that keyboard and
hacked into the system," says Cable Pair smiling at the memory. "And we
captured every keystroke."
    It was probable Cable Pair's finest hour. He was not, after all just
another hacker. The gathering that evening was the culmination of an elaborate
sting operation.
    Outside the office, FBI agents watched everyone who entered and left the
building. A few months after the jam session, police raided homes across the
country. The confiscated computers and disks and charged about a dozen adults
and teenagers with various counts of computer abuse and wire fraud.
    Cable Pair was John Maxfield, whose career as an FBI informant had started
a year earlier. Now approaching the age of 50, he is still chasing hackers,
phone phreaks, and computer pirates. When his cover was blown in a hacker
newsletter soon after the office party, he attracted a network of double
agents, people who found it more convenient and safer to work with him than
against him. Some continue to maintain their status in the hacker underground
and pass information to Maxfield.

    The nature of Maxfield's calling depends on your frame of reference. If
you've read enough cheap fiction, you might see him as a private dick in a
digital overcoat. Or a stagecoach guard sitting on the strongbox, eyes
scanning the horizon, electron gun across his knees. He refers to the hacker
phenomenon in the nebulous language of Cold War espionage, casting himself in
a spy novel role as a warrior fighting battles that both sides will deny ever
    "He's very good at getting hackers together on one thing," says Eric
Corley, editor of 2600, the hacker publication that fingered Maxfield more
than six years ago. "I can think of nothing that hackers agree on except that
John Maxfield is evil!"
    Maxfield responds in kind "Hackers are like electronic cockroaches," he
says. "You can't see them, but they're there, and at night they raid the
refrigerator." Although a lot of hackers are what Maxfield calls "tourists"--
young people who go into a system to simply look around--more sinister
influences often lurk behind them.
    "The tourist may go into a system and look around, but when he leaves,
he's got a password and he'll share it with others because he's got an ego and
wants to show how good he is," says Maxfield.
     "It's my experience that ever hacker gang has one or more adult members
who direct activities and manipulate the younger ones. What could be better
than to have the naifs doing your dirty work for you? They can open all the
doors and unlock the systems and then you go in and steal space shuttle
     The hackers are one step away from the shadowy world of spies." says
Maxfield. "Some have deliberately sought out and made contact with the KGB."
Maxfield wasn't suprised at all when West German police announced in March
1988 that they had arrested a group of computer hackers who used overseas
links to U.S. computer networks to steal sensitive data. And he thinks
computer companies and corporations haven't learned much about securing their
systems. "There are more interconnections," he says "and that leads to more
    A good example was the worm that Robert T. Morris Jr., unleashed in Nov
1988 through the Unix based Internet research and defense network that shut
down more than 6000 computers.
    "The hackers will tell you that this kind of thing is just a practical
joke, a harmless prank. But in can do some very serious damage," says
Maxfield. Computer systems experts who testified at Morris's trial last Jan.
estimated that the cost of cleaning up after the chaos wreaked by the Unix
worm was $15 million!.
    The information that Maxfield collects about these computer pranksters and
criminals goes into a database that  he maintains to help him identify
hackers and monitor their activities. Maxfield tracks the phone phreaks'
identities and aliases to help his clients, who are managers at large
corporations, credit card companies, and telephone companies--business people
who feel the need to protect their electronic goods and services.
    What can Maxfield do for them? If a corporation's phone system is abused
by unauthorized users or if its computer system is invaded by hackers, he can
conduct an investigation and advise the company on how to contain the problem.
He can also tell them where their system is vulnerable and what to do about
    Most of the hackers whose names and aliases are in Maxfield's database
probably are pranksters, teenagers attracted by the danger and excitement of
electronic lock-picking. Their activities would remain mostly benign, Maxfield
says, if it weren't for the organized online groups and the criminally-minded
adults that urge them on.
    "That's the real threat," he says.  "It's not the pranksters so much as
people they're associated with. The people who don't run bulletin boards, who
don't brag openly about what they can do.

    Maxfield could easily have become one of the hackers he now fights against
As a teenager growing up in Ann Arbor, Michigan, in the late 1950's he had a
comsuming passion for telephones and computers. During the summer he worked
for an independent phone equipment manufacturer and spent time hanging around
the offices of Michigan Bell. He also made some friends within Bell.
    Naturally curious, Maxfield experimented with his telephone at home and
learned how to blow fuses at distant switching stations and even how to shut
down whole portions of an exchange. By studying AT&T technical journals used
on his job and by picking up technical information from his contacts at Bell,
he learned how to make his own blue box. In 1961, when dirrect dial service
reached Ann Arbor, Maxfield was finally able to test his discovery.
    Maxfield was shocked when he realized he could make long-distance phone
calls for free. He called a friend at the phone company, and he mentioned his
triumph to other friends. Maxfield's discovery attracted the attention of some
people who offered to pay him $350 each for 1000 blue boxes.
    Word also got back to AT&T special audit inspectors through the friend at
Michigan Bell. After paying Maxfield a visit, the inspectors let him off with
a warning, but not before suggesting that it was probably the Mafia that
wanted to buy the boxes.
    "They said the records of the bookmakers' long distance calls get them
convicted in court," Maxfield recalls. If bookmakers manage to evade the
telephone company's billing equipment, of course, they not only avoid having
pay for the long-distance calls they make, there are no records that federal
prosecutors can use against them.
    Maxfield's prototype blue box took a midnight swim of a Huron bridge, and
the kid stayed out of trouble after that. For the next 20 years he channeled
his electronic expertise into fixing and installing phone equipment.

    In fact, Maxfield's career as a counterhacker began quite innocently, in
1978, when he helped a local computer club start one of the nations first
electronic bulletin boards. Four years later, the FBI cam looking for pirated
    "I knew the pirated software wasn't in the clubs, but I also knew about
pirate bulletin boards that had sprung up in the area," Maxfield recalls. So
he printed out some of the messages from the pirate boards and took them to
the local FBI office in 1982.
    The FBI scarcely knew what to make of all of the information that Maxfield
handed them. "They were still keeping records on 3X5 index cards!" he says.
    But the bureau offered to compensate Maxfield for his expenses if he would
monitor the hacker bulletin boards and report to them.
    Maxfield accepted. The arrangement gave him what every hacker and phone
phreak would love to have...a license to hack. He could call anywhere in the
world or attack any computer and not worry about the consequences.
    Maxfield might still be undercover for the FBI today if he and his contact
at the bureau had kept their mouths shut and not underestimated the
resourcefulness of the hackers.
    Following the success of his 1983 office party and the resulting raids,
Maxfield, still undercover, got involved with a New York hacker group that had
take control of a corporate voice-mail system.
    Against the FBI's advice, Maxfield tipped off the voice-mail system
administrator, leaving a message urging him to contact the FBI. "What I didn't
know as that the hackers also had access to the system administrator's account
so they got the message first." Maxfield says.
    One of the gang members, posing as the system administrator, called the
FBI and learned enough to identify Maxfield. A story about Cable Pair's
involvement with he government appeared in the first issue of 2600 in January
    "We thought Cable Pair would be a promising contributor to this
publication," the story concluded. "Instead we learned a valuable lesson:
Don't trust ANYBODY."
    "That's when the shit hit the fan," recalls Maxfield. "I was burned six
ways from Sunday.
    "My phone was ringing off the hook with death threats," he says. "The
hackers were after me, and even the FBI didn't like me for a while."
    "It was an ignorminious finish to Maxfield's underground activities for
the government, but it launched his career as a consultant and electronic
private eye. Several hackers who were worried about how much Maxfield know
about their activities offered to become his double agents. "Some were even
more highly placed than I was, and a couple of those people are still good
sources today."
    "Hacker groups are like street gangs," he says: the hierarchy changes all
the time, and the organization is very loose.
    One way to get to the top of this shifting hierarchy is to be a sysop for
a pirate bulletin board, as Cable Pair was. Another way is to boast online
about hacking exploits ("Well, I hacked into NASA's network and figured out
how to alter the course of the Hubble Space Telescope...") or to post a lot of
pirated information on the system.
    Maxfield uses the hackers' own techniques to penetrate their private
bulletin board systems. "It's a mind game," he explains. "Hackers will seek me
out and feed me information about someone they hate or someone higher placed
that they are" just to get them out of the way. They're "absolute anarchists,"
says Maxfield.
    While Maxfield is watching the hackers, the hackers are watching him. Says
Corley, "We have a nice thick file folder on him."

    Maxfield keeps more than file folders. His database which has entries on
about 6000 suspected hackers and phone phreaks, is cross-referenced by name,
alias, phone number, gang associations, and criminal arrest record for phone
fraud. He also tracks the names and numbers of pirate BBS's--and it's all at
his fingertips.
    Maxfield downloads information from his database directly to some clients.
Others receive his periodical, which reports on hacker activities and lists
phone numbers of active hackers and pirate bulletin boards. Companies that
suspect illegal phone activity can use the list like a reverse phone
directory, comparing phone numbers on their bills against the list to isolate
the BBS from which the perpetrator is operating. Then they can work on
preparing a case for law enforcement. Very often, the same perpetrators tap
into the same system over and over, and companies that wish to prosecute must
assemble evidence over a considerable period.
    Sometimes Maxfield gets involved directly, but he says he is "not a bounty
hunter" and claims that he'll tip off corporations or phone companies about
security breaches even if they aren't clients.
    He'll even help AT&T, although his relations with the company are
strained. "They still think I'm one of the bad guys."
    Other's in the industry, however, find Maxfield's work helpful and
    "I put a lot of trust in the work he does," says Donn Parker, a computer
crime expert at SRI International, in Menlo Park, California, and a regular
subscriber to Maxfield's reports. "He does a very good job of keeping track of
the malicious hackers and the phone phreak community."
    Maxfield often conducts computer security seminars for corporate clients
and government agencies. He can alert corporate clients to weak spots in their
systems and advise them on how to tighten their electronic security. He tells
his clients that networks are particularly vulnerable to invasion because
"when you network systems together, it's like a chain, and you need only
attack the weakest link. All you need is one site with poor security and you
have a loophole."
    Data sent over the telephone lines can also be tapped. "Some people sit on
a telephone pole or in a car holding a laptop computer wired directly into the
phone lines, picking off data and passwords," he says.
    "Computer security isn't a computer problem, It's a people problem," says
Maxfield. "And people just aren't security-conscious. The leave doors
unlocked, and they write their passwords down and tape them to the fronts of
their terminals.
    "We have the technical knowledge to secure these systems. We know how to
keep the hackers out, but it's a problem of implementation. It's expensive,
and it makes the system harder to use."
    "Any system that's user-friendly," cautions Maxfield, "is also hacker-
    Maxfield is as addicted to his profession as the hacerks are to their
online capers. Even if he wanted to quit the business, he says, he couldn't:
"The hackers just won't leave me alone."
    Maxfield admits that sometimes it's a little scary to be the Lone Ranger
out there. Much of what he's seen and worked on can't be discussed for fear
that hackers will be onto what he's doing. But, he says, that problem is dire,
and "we've got to wake people up to this. We need to increase corporate
awareness, law enforcement awareness, and public awareness. Computer
manufacturers need to think about designing systems that are more secure, and
the phone system needs to rethink its entire network design."
    And so Maxfield feels an obligation to continue his crusade. He knows too
much to stop now.

A little info......
             This article is one of many controversial articles that is being
debated on the Master Control Program BBS. File retyped on 7/19/90 by user #1
of the MCP.
I am not the owner of this report.

No comments:

Post a Comment