Computer Buff to ‘Favorite Felon’: ‘Cracker’ Traces Path

A lucky guess at a computer password allowed Bill Landreth, I.Q. 163, to become the Jesse James of the computer frontier.

He doesn’t look like a felon. The 20-year-old Poway High School graduate and computer “hacker” has the slight shoulders, timid face and freckled grin of a 14-year-old. Yet he has earned an arrest record and a three-year suspended sentence for using his computer savvy to read, among other things, private mail from NASA and the Defense Department.

Now he is off on a promotion tour to plug his book “Out of the Inner Circle,” written with the help of Howard Rheingold and published this month by Microsoft Press of Bellevue, Wash. The book details precisely how hackers break in to supposedly secure computers--and how firms can protect against it.

Book plugging doesn’t seem to suit the skinny, mild-mannered young man. He looked ill at ease throughout an hour-long interview at a hotel room in San Diego. At one point his publicist, Judy Hilsinger, gave him a friendly squeeze on the shoulder and told him, “Relax!”

“He was so scared before this . . . He has nine interviews (scheduled) in New York City in one day,” Hilsinger observed later.

Lending him support was his girlfriend of four years, 20-year-old Jenny Perkes of Poway. She recalls meeting him in a manner reminiscent of a Norman Rockwell painting: He helped her carry encyclopedias to the school bus.

“He’s nice, and he’s bright and we get along together . . . He’s very logical; I’m more intuitive,” Perkes said. Her parents “like him a lot--he fixes things for them: our stereos, typewriters, almost everything electric.”

She recalled that after Landreth’s arrest, Poway High referred to him affectionately as “Our Favorite Felon.”

Landreth’s evolution from mild-mannered computer buff to “Favorite Felon” began one day when he went to an electronics store and bought a modem, a device that enables computers to talk to each other over the phone. He hurried home and hooked one of the modem’s two wires to his telephone and the other to his home computer.

Then he phoned a distant corporation’s giant computer system, one of those “number-crunching” marvels that stores a universe of business secrets in the form of 0s and 1s. The corporate computer fired a one-word response to Landreth’s computer screen: “Password?”

The challenge was irresistible. Landreth typed in a random name--”DAN.” Hundreds of miles away, the corporate computer failed to recognize the password and fired back, “ACCESS DENIED.” Unfazed, Landreth typed “JIM”; he got the same terse reply.

“My third try was LEE,” he now recalls. “Against odds no gambler would ever bet on, it worked.” He had broken into the computer; now he could explore its secrets.

But how? He typed “HELP.” The obliging computer--which assumed that since he knew the password, he must be a company employee--proceeded to list commands for exploring the system’s innards.

(Later he discovered how dumb some people’s choice of passwords can be. For example, one computer user chose “SECRET” as his password. Landreth estimates that “if it weren’t for password misuse, at least 80% of all hackers would never see the inside of a large computer.”)

He became obsessed with computers. By baby-sitting and working at a car wash, Del Taco and McDonald’s, Landreth raised thousands of dollars to buy computers, including the Radio Shack Model I and the Apple II. His grades fell from As and Bs to Cs.

Then he discovered the world of computer bulletin boards. Hackers can leave messages on each other’s computers by transmitting them over telephone lines. Some hackers identify themselves with “handles”--fake names--rather than their real ones.

Landreth’s handle was “The Cracker” and he recalls he “set out to establish a reputation among other hackers.” Other hackers began to seek his advice about ways to break into computer systems. “No matter how difficult the question happened to be, I would sit at the terminal for five, 10, 20 hours at a time, until I had the answer.”

A fateful “meeting” occurred in 1982, when Landreth’s computer received a message from a hacker whose handle was “Alpha Hacker.”

“We have never met face to face, and I still don’t know his real name . . . Alpha knew (hacking) tricks that I had never dreamed of,” Landreth said.

One trick involved getting into a computer system and creating a private file for oneself, then hanging up the phone without signing off the computer. That way, when the next person signs on to the computer, he will unwittingly record his password in Landreth’s secret file.

A related technique involves the creation of something hackers call a “decoy.” They amend the computer program so that when a legitimate user signs on, the computer screen displays what appear to be the usual questions about his name and password. But the display is a phony--a perfect copy of the true display--that the hackers have designed to record the password of each person who signs on.

Landreth and Alpha Hacker formed a secret society of elite hackers called the Inner Circle. “We picked the best hackers that we knew . . . to make sure we kept strict control over membership and over the way information was used, we decided to form a kind of tribunal that we called the Inner Circle Seven,” Landreth said.

Sometimes hackers will deliberately destroy computer files, but the Inner Circle had nobler goals, Landreth said.

“We were explorers, not spies,” his book explains, “and to us, damaging computer files was not only clumsy and inelegant--it was wrong.”

Sometimes they were even Good Samaritans--of a sort. Once they discovered poorly written computer programs on a school computer in Texas and proceeded to improve them.

They also cracked into the computer system of “a large newspaper on the East Coast” and pondered the possibility that “we might have stories of our own printed.” (They never did, however.)

Nonetheless, one member of the Inner Circle who went by the handle “Mandrake” was kicked out after the others discovered he had deleted some computer information “because he was bored.”

For the Inner Circle, computerized credit-rating systems were a cinch to penetrate. “I doubt that five minutes ever passed when members of the Inner Circle didn’t have all the information they needed to get credit information on anyone they would have liked to check on,” Landreth said.

Landreth recalled one hacker who had the gall to print questionnaires and pass them out in the lobby of a firm, pretending the questionnaire was a class project. The questionnaire asked for the employee’s name, address, job description and other information. Then the hacker went back to his computer and tried to crack into the employees’ computers. To his surprise, many employees’ passwords were their own first names.

Landreth’s golden days of hacking ended on Oct. 13, 1983, when several FBI agents knocked on the door of his family home in Poway. They showed him a search warrant and came inside to confiscate all his computer equipment and written records.

He was charged with wire fraud because there was no federal law against computer break-ins. His most prominent victim was GTE Telemail, a Virginia-based firm that runs a computer system that allows customers such as NASA and the Defense Deparment to transmit messages.

Thirteen months later, U.S. District Judge Rudi Brewster placed Landreth on three years’ probation and ordered him to repay GTE $87 for the unauthorized use of its computer system, to finish high school and to perform 200 hours of community service. The judge described Landreth as “a bright young man with a lot of potential.”

Landreth’s book is a gold mine of tips for firms with big computer systems. For example:

- Change the computer’s telephone number from time to time.

- Have an employee answer the computer telephone line rather than have a computer answer automatically. “Hackers who are monitoring their computer’s calls out will hang up at the sound of a voice.”

- Don’t encourage employees to use long, random passwords such as “GXLWTDPS.” Such a password is hard to remember and has to be typed in slowly--just slowly enough so that a hacker who sneaks inside a firm (which has happened) and looks over a computer user’s shoulder might remember the typing sequence.

- Make sure the first three digits of the computer’s “secret” telephone number are different from the first three digits of the firm’s main number. Otherwise a hacker could quickly discover the secret number by re-dialing the number over and over--for example, 238-0001, 238-0002, 238-0003--until he hears a high-pitched whistle that identifies the company computer.

That might sound like a lot of work but “it is not rare for a hacker to put in a 60- or 70-hour week,” Landreth observed. “Hackers enjoy what they do . . . . A typical hacker is in his teens or early 20s and almost always someone whom people would call a ‘fast learner’ . . . They love the elaborate, complex logic of computer systems.”

Hacking “is a game. You try to get on the computer--because it’s there.”