Hacking It : Convicted Young Computer Whiz Now Helping Firms Take a Byte Out of Crime
A lucky guess at a computer password allowed Bill Landreth, IQ 163, to become the Jesse James of the computer underworld.
He doesn’t look like a felon. The 20-year-old Poway High School graduate and computer “hacker” has the slight shoulders, timid face and freckled-faced grin of a 14-year-old. Yet he has earned an arrest record and a three-year suspended sentence for using his computer savvy to read, among other things, private mail from NASA and the Defense Department.
Now he is off on a promotion tour to plug his book “Out of the Inner Circle,” written with the help of Howard Rheingold and published this month by Microsoft Press of Bellevue, Wash. The book details precisely how hackers break into supposedly secure computers--and how firms can protect against it.
Landreth’s evolution from mild-mannered computer buff to felon began one day when he went to an electronics store and bought a modem, a device that enables computers to talk to each other over the telephone. He hurried home and hooked one of the modem’s wires to his telephone and the other to his home computer.
Then he phoned a distant corporation’s giant computer system, one of those “number-crunching” marvels that stores a universe of business secrets in the form of 0s and 1s. The corporate computer fired a one-word response to Landreth’s computer screen: “Password?”
The challenge was irresistible. Landreth typed in a random name--”DAN.” Hundreds of miles away, the corporate computer failed to recognize the password and fired back, “ACCESS DENIED.” Unfazed, Landreth typed “JIM”; he got the same terse reply.
Third Try Does It
“My third try was LEE,” he recalls. “Against odds no gambler would ever bet on, it worked.” He had broken into the computer; now he could explore its secrets.
But how? He typed “HELP.” The obliging computer--which assumed that since he knew the password, he must be a company employee--proceeded to list commands for exploring the system’s innards.
Landreth became obsessed with computers. His grades fell from As and Bs to Cs.
Then he discovered the world of computer bulletin boards. Hackers can leave messages on each other’s computers by transmitting them over telephone lines.
Landreth adopted the code name “The Cracker” and “set out to establish a reputation among other hackers.” Other hackers began to seek his advice on ways to break into computer systems. “No matter how difficult the question happened to be, I would sit at the terminal for 5, 10, 20 hours at a time, until I had the answer.”
A fateful “meeting” occurred in 1982, when Landreth’s computer received a message from a hacker who called himself “Alpha Hacker.”
“We have never met face-to-face and I still don’t know his real name. . . . ‘Alpha’ knew (hacking) tricks that I had never dreamed of,” Landreth said.
One trick involved getting into a computer system and creating a private file for oneself, then hanging up the phone without signing off the computer. That way, when the next person signed onto the computer, he unwittingly recorded his password in Landreth’s secret file.
Landreth and “Alpha Hacker” formed a secret society of elite hackers called the Inner Circle. Sometimes hackers will deliberately destroy computer files, but the Inner Circle had nobler goals, Landreth said. “We were explorers, not spies,” his book explains, “and to us, damaging computer files was not only clumsy and inelegant--it was wrong.”
Sometimes they were even Good Samaritans--of a sort. Once they discovered poorly written computer programs on a school computer in Texas and proceeded to improve them.
They also cracked into the computer system of “a large newspaper on the East Coast” and pondered the possibility that “we might have stories of our own printed.” (They never did, however.)
One member of the Inner Circle was kicked out of the group after the others discovered that he had deleted some computer information “because he was bored,” Landreth said.
Some Systems a Cinch
For the Inner Circle, computerized credit-rating systems were a cinch to penetrate. “I doubt that five minutes ever passed when members of the Inner Circle didn’t have all the information they needed to get credit information on anyone they would have liked to check on,” Landreth said.
Landreth recalled one hacker who had the gall to print questionnaires and pass them out in the lobby of a firm, pretending that the questionnaire was a class project. The questionnaire asked for the employee’s name, address, job description and other information. Then the hacker went back to his computer and tried to crack into the employees’ computers. To his surprise, many employees’ passwords were their own first names.
Landreth’s golden days of hacking ended on Oct. 13, 1983, when several FBI agents knocked on the door of his family home in Poway, a San Diego suburb. The following July 9, he pleaded guilty to tapping into GTE Telemail, a Virginia-based firm that runs a computer system that allows customers such as NASA and the Defense Department to transmit messages.
U.S. District Judge Rudi Brewster placed Landreth on three years’ probation and ordered him to repay GTE $87 for the unauthorized use of its computer system, to finish high school and to perform 200 hours of community service.
Offers Advice
Landreth’s book offers many tips to firms with big computer systems. For example:
- Change the computer’s telephone number from time to time.
- Have an employee answer the computer telephone line rather than having a computer answer automatically. “Hackers who are monitoring their computer’s calls out will hang up at the sound of a voice.”
- Don’t encourage employees to use long, random passwords such as “GXLWTDPS.” Such a password is hard to remember and has to be typed in slowly--just slowly enough so that a hacker who sneaks inside a firm (which has happened) and looks over a computer user’s shoulder might remember the typing sequence.
- Make sure the first three digits of the computer’s “secret” telephone number are different from the first three digits of the firm’s main number. Otherwise a hacker can quickly discover the secret number by re-dialing the number over and over--for example, 238-0001, 238-0002, 238-0003--until he hears a high-pitched whistle that identifies the company computer.
That might sound like a lot of work but “it is not rare for a hacker to put in a 60- or 70-hour week,” Landreth said. “Hackers enjoy what they do. . . . A typical hacker is in his teens or early 20s and almost always someone whom people would call a ‘fast learner’. . . . They love the elaborate, complex logic of computer systems.”
