Today is the day!” squealed disc jockey Rick Dees. “This is song number one, ‘Escapade,’ by Janet Jackson. If it is followed by ‘Love Shack’ by the B-52’s and ‘Kiss’ by Prince, you could be caller number 102 and win a brand new $50,000 Porsche!”
KIIS-FM called it “Win a Porsche by Friday": eight Porsches--about $400,000 worth of steel, leather and status--given away, one a week. You could hardly live or work in Los Angeles without being caught up in the frenzy. It seemed that the gleaming, candy-red convertibles were plastered on nearly every billboard and bus in town. Listeners were glued to KIIS, hoping to make the 102nd call after Dees spun the third song in the magical series.
Housewives, businessmen, students and contest freaks jammed the lines with their car phones and auto-dialers. They all had hopes, but one 24-year-old high school dropout had a plan. America’s most wanted hacker and his associates sat by their computers and waited. On the morning of June 1, 1990, KIIS played “Escapade,” “Love Shack” and then, yes, “Kiss.” “We blew out the phone lines,” every line was ringing, says Karen Tobin, the station’s promotional director. “We picked up the calls and counted.”
The hacker was counting, too. At the precise moment Prince’s “Kiss” hit the air, he seized control of the station’s 25 phone lines, blocking out all calls but his own. Then the man, who identified himself as Michael B. Peters, calmly dialed the 102nd call and won a Porsche 944 S2.
It was child’s play. Especially for Kevin Lee Poulsen. Computer hacking had once seemed an innocent obsession to Poulsen, a native of Pasadena, but now it was his life, and it had taken him over the line. This October, Poulsen will face the first of two trials, one in San Jose and another in Los Angeles, that federal prosecutors say are critical to the government. Because of the seriousness of his alleged breaches of national security, they intend to use the cases as an example to the hacker underground.
As a teen-ager, Poulsen had burrowed deep into the giant switching networks of Pacific Bell, exploring and exploiting nearly every element of its powerful computers, from the common systems responsible for creating, changing and maintaining phone service to the shadow systems that guard secrets of national security, according to accusations in a federal indictment. The U.S. attorney in San Jose says that Poulsen had wiretapped the intimate phone calls of a Hollywood starlet, allegedly conspired to steal classified military orders, and reportedly uncovered unpublished telephone numbers for the Soviet Consulate in San Francisco.
That much the federal government knew even before charging him in the KIIS scam. And evidence was emerging that the hacker had the capacity to compromise undercover wiretaps and front businesses of the FBI itself.
Even as Poulsen honed his craft, the computer subculture he belonged to was spreading its electronic roots. Hackers were evolving into cyberpunks: a hybrid of cybernetics, the science of machines controlling brain and body, and common punks. Coined by science-fiction master William Gibson, the word signified the emergence of a new, rebel culture tripping on high-tech tools and thumbing its nose at the system. There was a time when hacker meant nothing more than joy riding a computer or phone system out of curiosity. But Poulsen, accused of cracking systems for profit and power, gave the word a new and notorious definition.
To many admirers, Kevin Poulsen was simply a particularly uppity cyberpunk creatively “surfing the edges” of the cyberspace envelope and unjustly receiving the wrath of the Data Cops. Poulsen, his supporters said, was the True Disciple of the first commandment of cyberpunk: “Information wants to be free,” and, like his predecessors, he bent the limits imposed by Ma Bell and the law.
To the feds, that image didn’t match reality. Kevin Poulsen’s obsessive assaults on the hidden secrets of computers took him further than any hacker had gone before. Poulsen was proof of the dark side of cyberspace, and the authorities made him one of the first hackers to be charged with espionage. Cyberspace was put on notice. Indicted in November, 1989, by a San Jose federal grand jury on charges of penetrating government and phone company computers, Poulsen faces charges that could land him 37 years in jail. And the 19-count Los Angeles indictment accuses him of conspiracy, fraud, wiretapping and money laundering in connection with the KIIS scam. “Kevin didn’t just defraud radio stations, compromise Pacific Bell and listen to other people’s conversations,” says Assistant U.S. Atty. David Schindler, referring to the second case, in Los Angeles. “He compromised law enforcement operations and systems which have a tremendous risk. That’s something we take very seriously.”
He had been a brilliant teen-age hacker, celebrated for high-security intrusions reminiscent of “WarGames,” the hallmark movie of his culture. Even fellow hackers were impressed. “There’s nobody that’s on Kevin’s level,” says one intimately familiar with his intrusions. “Kevin is extremely good at software and brave at taking chances. Kevin was a 24-hour-a-day hacker.”
So good was Poulsen at cracking clandestine government and military systems that the defense industry anointed him with a security clearance and brought him inside to test its own security. By day, Poulsen hacked to protect government secrets. By night, federal prosecutors say, he became a high-tech werewolf, a hacker whose incessant intrusions were increasingly criminal.
By the fall of 1989, as the San Jose grand jury prepared its indictment, Poulsen had slipped into a futuristic world in which he created new aliases at will. Even his closest associates didn’t know where he lived. At first there were the simple schemes, like the radio giveaway--quick, easy money. But increasingly, Poulsen sharpened his skills, drawn toward the most critical secrets of the government.
KEVIN POULSEN, LIKE MANY OTHER SHY, GIFTED CHILDREN OF HIS GENERATION, looked for human contact through the telephone. “I met him on a party line,” says Sean Randol of her teen-age friend. “We just started talking.”
On the jammed L.A. free phone-chat lines of the late 1970s, the pair talked about their favorite books, the works of J.R.R. Tolkien and other tales of heroic fantasy. “He was intellectual, he carried a conversation,” recalls Randol. “He was one of the first kids my age I could talk to.” The two 13-year-olds swapped numbers, and after a week of nearly nonstop phone chat, Poulsen asked if he could come over.
He wasn’t quite so dashing in person. Though he was clearly bright--he claimed an IQ in the high 140s--"he was very thin, he had braces, he wore pants way too short,” Randol recalls. He wouldn’t even look her in the eye. After 10 minutes of nervous small talk on the lawn of her mother’s North Hollywood apartment, Poulsen pedaled away on his bicycle. He phoned a few minutes later. Says Randol: “We went back to our more comfortable behavior.”
Poulsen had little contact with his adoptive father and stepmother. “They were in their late 40s, they almost seemed like a farm couple, and he was interested in things that were completely beyond them,” says Randol. “They bought him a TRS-80 (computer) but they knew absolutely nothing about what he was doing with it.”
Over the years, Poulsen and Randol would talk hundreds of hours on the phone. They also met at phone-chat parties, another strange phenomenon of the 1970s. The impromptu gatherings were often held at a pizza parlor on the corner of Van Nuys and Ventura boulevards. Many of the party-goers were blind young men in their 20s who called the chat lines to find friendship, and, perhaps, romance. The rest, says Randol, “were generally either geeks with pencil holders in their shirt pockets or fat girls.”
This wasn’t just another group of pimply misfits. Along with phone chatters like Randol were serious “phone phreaks,” who do to phone systems what hackers do to computers. Some of the phreaks wore stolen phone company hard hats. Others showed off telephone test sets (used by linemen to listen to service), demonstrated black boxes (devices that can make free long-distance phone calls) and bartered swiped bank and phone company credit card numbers.
Randol didn’t share Poulsen’s attraction to the hard-core phreaks and hackers, but she did share something fundamental with him. She didn’t like to go to school. Poulsen found a school where he could do what he wanted--"more of a hippie school,” says Simcha Saul, who taught Poulsen math at Valley Alternative Magnet in Van Nuys. “We encouraged kids to make decisions on their own.” Poulsen often chose to spend his school days playing the fantasy game Dungeon & Dragons. “I couldn’t play with them after a while,” recalls Saul, the school’s Dungeons & Dragons adviser. “They invented their own rules.”
Class wasn’t nearly as exciting. Norah Cunningham taught English at Valley Alternative and remembers Poulsen as an angry, brooding boy. Cunningham told Poulsen to write a story about his feelings, and to her surprise, he turned in a well-written essay. “It was violent, very bloody,” the teacher recalls. “Something about blowing up the world.”
It was also the only assignment Kevin Poulsen ever completed in Norah Cunningham’s English class. In June of 1982, Kevin Poulsen finished the 11th grade at Valley Alternative. He never went back.
KEVIN POULSEN AND HIS ACOLYTE, RONALD AUSTIN, HELPED DEFINE the term hacker during the personal computer revolution of the early 1980s. But the two Los Angeles teen-agers were a far cry from the classic hacker ethic explored in Steven Levy’s 1984 book “Hackers: Heroes of the Computer Revolution.” Levy had focused on the idealistic hackers of the 1950s to the early 1980s: engineers who learned to pick locked doors to explore a university’s cloistered giant computers, and innovators like Steven Wozniak of Apple who launched an industry out of a love of machines.
Poulsen and Austin entered the scene at the end of this golden age. The new hackers weren’t brilliant engineers or industry innovators. Many of them hadn’t even solved an algebraic equation or kissed a girl. They got their thrills in nosing around without authorization on the Arpanet, the Advanced Research Projects Agency network, a vast Defense Department computer web of military and research centers.
Poulsen, whose computer handle was Dark Dante, had been hacking and phone phreaking for a couple of years at the time he began to joust with Austin. Austin was two years older, but he was the neophyte. Dante delighted in mocking Austin’s attempts to follow his forays into distant systems on Arpanet. Armed only with modems and cheap computers, the two youths invaded the network’s giant computers, taunting one another by leaving hostile, cryptic electronic notes and clues in the bowels of the machines.
Off-line, Austin was by far the better educated. He had just finished his first three quarters as a physics major at UCLA, and the year before had graduated from Santa Monica High School with a 3.9 grade-point average. Six feet tall, curly haired and handsome, Austin looked like the quintessential Southern California surfer. Besides a $150 VIC-20 home computer, he had roller skates, a Frisbee, a tennis racket, all the trappings of a healthy adolescent. And Austin had something else that Poulsen lacked: a girlfriend.
That summer in 1983--Poulsen was 17, Austin, 19--the computer dogfights became an obsession. From early afternoon through the night, they tapped their keyboards and surfed the electronic net. Austin bought and consumed system manuals and soon could deflect all but the most clever of Poulsen’s jabs.
Things were hopping on the Arpanet. On Aug. 23, someone accessed the computers at SRI, a Bay Area think tank that works on classified military projects. Less than a week later, Santa Monica’s Rand Corp. was hit. There were electronic break-ins at two East Coast defense contractors’ plants, two California research firms, several universities and the Naval Research Laboratory in Washington, D.C. Later, Poulsen and Austin acknowledged responsibility for many of the break-ins to representatives of the L.A. County district attorney.
The hacking, like any other adolescent summer pastime, ended when fall beckoned. On the morning of Sept. 22, 1983, a fleet of sedans pulled up on 2nd Street in Santa Monica. Three investigators from the district attorney’s office, two UCLA campus cops and an FBI agent silently moved into position. The suspect was a six-foot-tall white male.
“UCLA Wargames Arrest,” blared the first Los Angeles Herald Examiner headline; “Super Computer Caper,” trumpeted the second. Austin was arrested, thrown in jail and charged with 14 counts of “malicious access.” Convicted on several counts, Austin served less than two months in custody. Meanwhile, another swarm of cops descended on the Poulsen house in North Hollywood, but Dark Dante was lucky. As a 17-year-old juvenile, he was never brought up on criminal charges. Only his $200 Radio Shack computer was seized.
“DEDICATED TO THE PEACE AND PROSPERITY OF MANKIND,” READ THE stone monument at the entrance to the sea of two-story, brick-and-glass 1950s buildings. The sign in front of the security desk was more up Kevin Poulsen’s alley: “In accordance with Department of Defense contractual requirements . . . personal articles . . . briefcases, handbags, packages, etc., are subject to inspection.”
Dark Dante was going to hacker heaven. SRI International, whose initials once stood for Stanford Research Institute, but now, says a representative, “stand for nothing,” is a private-sector think tank and research center that sprawls across 70 acres in Menlo Park, only a few minutes from Stanford. Exactly what SRI does is hard to pinpoint. Its annual reports list interests ranging from protecting corporations and governments against computer crime to combatting aircraft sabotage. SRI’s international offices span three continents, its achievements include the recent development of a “joint surveillance target attack radar system” and “superconducting microwaves.” More intriguing is what the annual report doesn’t say: It contains not a word about the highly classified work that intelligence sources say SRI performs for U.S. intelligence agencies and the military.
SRI may cloak its activities, but there was little doubt about what Dark Dante was going to do for the “Peace and Prosperity of Mankind.” SRI knew after the district attorney’s investigation that Poulsen already had hacked into its own computers. The punishment it proposed was stunning. The teen-age cyberpunk would come aboard in George Orwell’s 1984 to teach the military how to safeguard the crown jewels. Poulsen was soon boasting to friends that SRI was paying him $35,000 a year.
He moved into a condominium with a co-worker two blocks from the main SRI security gate. SRI contacted the Defense Department and Poulsen was granted a security clearance without a hitch. He served directly under Robert Gilligan, the man responsible for security codes that protect communications between SRI and the military. Poulsen worked with scrambling and tone-generating devices, as well as the latest encryption algorithms, the encoding of secret messages. His boss, Eric Brunner, says “Kevin was sent on military exercises and worked on the Strategic Air Command systems.”
Poulsen had smoothly made the transition from underground hacker to government-approved hacker. He still played his games of electronic sorcery, but now he received a paycheck for his hacking, and his efforts were classified--and in the interest of our national security. But for all his success, there were signs that Poulsen did not, perhaps, have the ideal psychological profile for carrying a security clearance.
It all began to fall apart in early 1988 with an unpaid bill for $162.50. A man named John Anderson was more than a hundred days late paying his rental on a nearby storage facility. The owner of the facility entered the locker, did a double-take and called the cops.
At first, Detective James Neal of the Menlo Park Police Department thought he was looking at a simple case of stolen property. “Then we found locksmith tools, false ID blanks and birth certificates,” he says. Neal and two Pacific Bell investigators compiled a detailed inventory. There were 20 boxes of gadgets and gizmos, well over a hundred items: phone company manuals, tools, lock picks and communications equipment.
But what finally brought the picture into focus were a few snapshots found among the cache. One showed a slender young man with near shoulder-length hair kneeling in front of a telephone company trailer as he picked the lock. Another showed what appeared to be the same young man inside the trailer, curled into a chair in front of a computer terminal, grinning at the camera. The man in the photos was Poulsen.
“Have a seat right here,” Neal gestured to Kevin Poulsen in the booking room of the Menlo Park police station on Feb. 12, 1988.
“I guess I’m in big trouble,” Poulsen nervously said during the tape-recorded interrogation.
“Well, you’ve got some warrants. Are you aware of the warrants that you have?”
The warrants were for driving without a license. They gave the detective the opportunity to ask about Poulsen’s multiple names, birth certificates, Social Security numbers and addresses. Soon, Neal was asking about a recent burglary at a Pacific Bell facility.
“What kind of ID card did you have to get in there?”
“I had an expired Pacific Bell ID card that I found in the trash can,” Poulsen replied.
Plenty of hackers go “dumpster diving,” scouring Pacific Bell trash bins for printouts of passwords and old manuals. There’s nothing illegal about it. Poulsen, it seemed, had answers to every question. Until, that is, Neal brought up Ron Austin and Poulsen’s 1983 brush with the law.
“I was never charged with anything,” countered Poulsen.
”. . . So you’re saying . . . that you have not been involved in that same type of activity that occurred back in ’83, ’84, when (Austin) was arrested . . . .”
“I haven’t been continuing that activity at all,” insisted Poulsen. ". . . One of the myths . . . is that anything having to do with computers means that I’ve been doing, like, computer crimes,” admonished Poulsen. ". . . Computers are run of the mill. My roommate has a computer, with a line going directly to SRI. That doesn’t mean he’s breaking into the computer. I just want you to understand that not everything technological is related to your investigation . . . .”
A couple of hours later, Neal accompanied Poulsen to his condominium down the street from SRI. Against one wall stood a six-foot-long phone monitoring station. Strewn on the floor or stuffed in the closet were line-testing equipment, trunk test sets, telecommunication panels, terminals, monitors, cables and a switching device. At the same time that he had an SRI security clearance, Poulsen had been pulling nighttime burglaries on Pacific Bell facilities, stealing manuals, passwords, anything that might provide access, the San Jose indictment charged. The handful of books and papers ranged from “How to Buy Stocks” to a copy of “Watchmen,” a violent comic book series, to a bright yellow report binder that might have been scribbled by an eighth-grader but for its title, “Burglar Alarm Procedures.”
A police photograph taken at the scene showed Poulsen leaning against the door, a sour look on his long face. “I had him sign a copy of what we were taking away,” says Neal. “I think he finally realized there wasn’t going to be an easy way out.”
He had, and soon he was gone, into the underground.
“WANTED” FLASHED ON THE television screen to the accompaniment of an eerie theme. Robert Stack, the host of “Unsolved Mysteries,” strode through a large computer facility.
“Inside the labyrinth of the telephone company’s computer systems one feels a sense of insignificance,” Stack boomed dramatically. “It seems impossible that any single person could jam up these sophisticated works. Yet think of it. All the interactive computers across the country are linked by telephone lines. Both private citizens and classified government operations can be vulnerable to a computer genius run amok.”
The screen filled with a photograph of Poulsen’s face. By the time the segment aired in October of 1990, Poulsen had been a fugitive from justice for several months, and was beginning to achieve a dark stardom. Evidence enumerated in the indictment shows that Poulsen had become a deft lock-picker, a skilled forger and an accomplished burglar.
The Menlo Park investigation had sparked an FBI probe, and in November, 1989, a San Jose federal grand jury returned a sealed indictment against Poulsen on charges of penetrating military and phone company computer systems.
But the indictment was no secret to Poulsen: He put the slip on FBI agents who pulled up early one morning at his family’s home in North Hollywood. Then he let them know just whose game they were playing. The hacker phoned the G-men and taunted them for letting him escape. They traced the call, and then could only shake their heads in wonder. The number tracked not to a home phone or phone booth, but to a circuit buried deep within Pacific Bell.
The San Jose indictment began with a description of the tools employed by Poulsen and his alleged co-conspirators, former SRI employees Robert Gilligan and Mark Lottor: lock picks, powdered graphite, latex surgical gloves, blank keys cut to fit Pacific Bell lock cores, a laminator, blank ID cards for Pac Bell, AT&T; and American Express, and a point of sale credit card terminal.
Then there were the burglary “highlights” set forth as accusations in the indictment. On Nov. 21, 1986, it charged, Poulsen broke into a Contra Costa County Pacific Bell office and removed a “Dial Security Access Manual.” On Feb. 15, 1987, it said, he struck a larger target, Pacific Bell’s main office in the heart of downtown San Francisco, and lifted company ID badges that would give him the run of corporate headquarters.
In September of 1987, Poulsen’s activities took a more serious turn, the document charged. He hacked Pacific Bell computers to obtain “unpublished telephone numbers for the Soviet Consulate in San Francisco.” On Oct. 30, the document alleged, Gilligan sent Poulsen “via electronic mail, access codes to . . . the United States (Army) Masnet Computer Network.” Nineteen days later, the indictment charges, Poulsen illegally obtained plans relating to a secret Army exercise at Ft. Bragg, and between late January and late March, he stole a Pac Bell printout that listed the telephone numbers of the exiled Philippines leader Ferdinand Marcos and others under investigation by the FBI.
The indictment failed to capture more dangerous aspects of Poulsen’s hacking. On Aug. 17, 1989, less than two months before he was indicted, Poulsen cracked Pacific Bell computers and learned that federal wiretaps had been placed on Ronald A. Lorenzo and Splash restaurant in Malibu, according to the U.S. attorney’s office in Los Angeles. Lorenzo was reputedly a made member of the Bonanno organized crime family.
What did it all mean, and what was next? Thrashing around in FBI investigations of mobsters, snatching secret Soviet numbers? It seemed as if Poulsen’s powers were growing, his expanding abilities demanding new challenges. And investigators, it seemed, weren’t completely sure how he was doing it. But gifted hackers have shown they can crack phone company computers and, once inside the system, gain the same access as linemen, supervisors and other key employees. They can turn service on or off, listen in, create a conference call.
How deep was his penetration? In September, 1987, the indictment charges, Poulsen listened in on the phone conversations of the very same Pacific Bell security personnel who were trying to foil his trespasses.
That was the story viewed from the outside, but the world Kevin Poulsen lived in was steeped in fantasy. His raids on government and Pacific Bell computers were part of his continuing search for identity, and the days when it had been enough to cloak himself as Dark Dante were finished. Sometime in 1987, Poulsen established Pacific Bell phone lines in the names of Walter Kovacs and Jon Osterman, the fictional heroes of Watchmen, and moved into a parallel world of myth. The Watchmen series is revered for the complexity of its characters and the darkness of its vision. Kovacs, for instance, is presented by day as a downtrodden garment worker. At night he dons a mask, a swath of ink-blotted fabric, and becomes Rorschach, a powerful, disturbed vigilante.
It was no accident that Kevin Poulsen adopted these fictional characters and brought them to life as his electronic aliases. Poulsen knew plenty about harboring a past from which there is no escape. It was only after talking to Sean Randol for hundreds of hours, only after professing his love and being rejected time and time again, that Poulsen had finally shared with her his secret, perhaps his deepest.
He told the story without emotion, as if it had happened to someone else. “I was surprised that he told me about his first (adoptive) mother,” says Randol. “He had told me before that he was adopted. One day, he and his sister were sent to the neighbors to play with their children. They were both very young. And they had come back (home) and I don’t know what she’d done to herself, but she was dead.”
“One can only speculate about what motivated Kevin Poulsen,” concluded Robert Stack on “Unsolved Mysteries.” “But now he is a wanted man, facing up to 37 years in prison. If you have any information regarding Poulsen please contact the FBI or call our toll-free number . . . .”
Somebody or something did. On Oct. 10, 1990, as the NBC show aired, the staff of “Unsolved Mysteries” stood ready to accept tips concerning Poulsen’s whereabouts. At 5:10 p.m., they received a phone call. The phones suddenly went dead. All of them. “It was an interesting coincidence,” says Tim Rogan, the segment’s producer. Half an hour passed before the staff could get the phones working. The long-distance carrier that supplies the line told the NBC show that it was an accidental “switch” problem.
Says Rogan: “We never got confirmation one way or another that it was him.”
IN HIS 17 MONTHS ON THE lam, Kevin Poulsen had narrowly escaped at least once. An L.A. vice squad picked him up in a minor criminal case and released him without checking federal warrants. Then FBI agents got a break. After they learned that Poulsen had been seen at the Hughes market on Van Nuys Boulevard in Sherman Oaks, they dropped off some photos of Poulsen for the employees.
On April 10, 1991, at about 10 p.m., night manager Brian Bridges saw a thin young man in a black leather jacket and Levis wearing round wire-frame glasses. Poulsen had dyed his hair punk blond to change his appearance. Bridges hurriedly called the FBI, but by the time agents arrived, Poulsen was gone. Terry Atchley, a Pacific Bell investigator working the case, had a hunch he might be back.
The next evening, he staked out the market, and sure enough, at about 10 p.m., Poulsen pulled up in his black Pontiac Fiero. Atchley notified the security guard and took up a position at the front door. This time, Hughes market employees weren’t going to leave anything to chance. As Poulsen walked down the aisles with his food, two clerks grabbed him and wrestled him to the ground.
Later, after Poulsen was handcuffed, he began to cry. He asked if he could take out his contact lenses and get his glasses from a black bag in his car. FBI agent Richard Beasley agreed, but said he wanted to search the bag first. Hidden in the glasses’ case was a handcuff key.
In the Fiero, the FBI found a trove of devices often used in burglaries, as well as telecommunications gadgets that one man associated with the case said put James Bond to shame. The hair, the stunt with the handcuff key and the black tools revealed what the fugitive had become.
But Poulsen wasn’t talking about his life in the electronic underground, at least not to the police. On April 14, Poulsen, held in a federal lockup in Los Angeles, phoned his sister and mentioned that the authorities had “my address.” She passed the coded message on to Ron Austin, who retrieved Poulsen’s powerful Sun Microsystems workstation from a secret location before the FBI could find it, according to the U.S. attorney in San Jose. The code was one of several clever contingency plans Poulsen and his allies had established. Clever except for one detail. The tables had turned on Poulsen, the electronic eavesdropper: This time, the cops were monitoring him.
The fun was coming to an end. Federal agents had convinced another Los Angeles hacker, Justin Tanner Petersen, to work undercover against Poulsen. With his help and the intercepted message from jail, government agents discovered the Sun workstation and its potentially incriminating files stashed--authorities have not said exactly where--in Van Nuys in January, 1992. But Poulsen had learned something from his previous brush with the law. This time the computer’s disk was encrypted. It was sent to FBI headquarters in Washington, where it would take months to decode.
Finally, last December, the government filed a superseding indictment in San Jose, dropping a charge in the first indictment that he had compromised an FBI wiretap of Ferdinand Marcos. But the new indictment charged Poulsen with espionage for possession of classified documents. Poulsen’s attorney, Paul Meltzer of Santa Cruz, complained that he was being subjected to a 15-year background check to obtain security clearances before he could examine key documents in the case. Meltzer, who has challenged the legality of the searches that led to Poulsen’s arrest, believes the San Jose case will be thrown out.
Meanwhile, the Electronic Frontier Foundation, a civil liberties group that assists in the defense of what it considers well-meaning cyberpunks, questioned the Justice Department’s use of the espionage statute, which carries a maximum 10-year penalty. “Everything we know about this guy,” foundation attorney Mike Godwin told the San Francisco Chronicle, “is that he was hacking around systems for his own purposes,” not for espionage.
Those purposes may never be entirely clear, but there is no doubt that he was driven by ego, money and, perhaps most of all, loneliness.
The tenuous friendships he had formed during his hacking days were falling apart: At least four former hackers agreed to testify against Poulsen in return for reduced sentences. There was a certain symmetry in Austin’s betrayal of his friend. The first time round, Poulsen, the juvenile, had escaped conviction, while Austin had taken the fall. Now, Austin would trade serious jail time for nailing his teen-age accomplice.
Last April 21, roughly two years to the day after Poulsen was captured, a federal grand jury in Los Angeles delivered a 19-count indictment. Charged with conspiracy, fraud in connection with access devices, interception of wire or electronic communications and money laundering, Kevin Poulsen faced a maximum of 100 years in prison, heaped on top of the potential 37 in the San Jose case, and fines of nearly $5 million.
Poulsen’s alleged burglaries of Pacific Bell facilities were especially prodigious: The U.S. attorney in San Jose says that Poulsen committed more than 40 intrusions while he was working for SRI.
Petersen, who pleaded guilty to transporting a stolen car across state lines, intercepting wire communications and stealing credit information, told investigators how he and Poulsen broke into numerous Pacific Bell buildings and stole the manuals and passwords they needed to crack the computers that hold sensitive secrets about federal investigations.
That vulnerability was of deep concern to worried authorities. Scott Charney, chief of the Justice Department’s computer crime unit, warned in an interview that a skilled hacker could compromise the confidentiality of a federal investigation by intruding on federal wiretaps. That fear was doubly strong in Poulsen’s case, since sources close to the government say that as a fugitive Poulsen encountered members of one of the largest organized crime groups in the country, and may have even erased one of his new associates’ criminal records. “There is the question of the integrity of law enforcement and justice as a whole,” says Schindler, the assistant U.S. attorney prosecuting Poulsen in Los Angeles. “These are things (telephone conversations) the public expect to be confidential.”
That was what the government was willing to talk about. But those close to Poulsen’s case speculate that the real fear was far more than his intrusion into FBI wiretaps. Pacific Bell also assists in setting up wiretaps for U.S. intelligence agencies. “With his knowledge of wiretaps he could dismantle the National Security (wiretaps) for California,” says one source close to the case. Another source frames the political issue: “Pacific Bell does wiretaps for other agencies (than the FBI). They (the government) may want to hush it up.”
IN THE TIME ELAPSED FROM the original November, 1989, indictment to Poulsen’s two trials set for this fall, cyberspace has undergone great transformation. While Poulsen was underground, the Secret Service, the FBI and state authorities moved against two of the largest hacker and phreaker rings in the country--the Legion of Doom and the Masters of Deception. In May of 1990, the Secret Service joined forces with the Arizona attorney general’s office to seize more than 40 computers in several states, many of them running illicit bulletin boards used to distribute swiped long-distance access codes and credit card numbers.
But the government’s credibility took a hit when it was revealed that one hacker it had accused of stealing a “secret” $79,449 technical manual describing the software for the 911 emergency system had actually pilfered a publicly available $20 manual. Civil libertarians pounced on the thin charges in this and other cases. By early this year, the mixed results were in: 35 convictions, with most of the hackers doing little more than a year in prison, and a few just receiving probation, parole and fines. The longest prison sentence was 21 months. The government was having a hard time proving that hacking was hard crime.
It was becoming increasingly clear that Kevin Poulsen was the government’s best chance to send a message. Currently being held without bail at Alameda County’s Santa Rita Jail, he has already spent more than two years in custody, longer than the prison sentences of the Justice Department’s most-celebrated hacker cases. A few months after the Electronic Frontier Foundation had spoken in Poulsen’s defense, neither the civil liberties group nor anyone else was putting in a good word in his behalf. And unlike virtually every other hacker who has come before, Poulsen continues to steadfastly refuse to tell his side of the story.
Even his stepmother declares that she has nothing to say. Reached by phone, she says that “Kevin doesn’t want us to talk to anybody.” Asked about his alleged criminal hacking, she replies: “I don’t know anything about that. Kevin is very private. He just never, ever, let us in on anything.”
The ultimate hacker, of course, trusts no one, and so perhaps it is not surprising that when Kevin finally meets justice he will truly be alone. Abandoned by fellow hackers, friends and the family he never had, he seems bound to be the first of his kind to face the full brunt of the law. Today, no one has any use for him, not the U.S. military complex, which once exploited his boyhood obsession as a national security advantage, not the cyberspace community, which once saw him as a symbol of freedom in the information age.
Born in a time when hacking was an innocent rite of boyhood, when laws were as unclear as the boundaries of the Arpanet, Kevin Poulsen had outlived his era.
He was the last hacker.