Computer revolution and arrival of the commercial
Internet wasn’t so bright for everybody. Some people were fighting in the front lines
of a battle for the control of the digital realm. It was a battlefield full of police
raids, corporate propaganda, and hacker revolt. Constitution didn’t apply to cyberspace.
There was no freedom of speech, no protection from unreasonable search and seizure.
At the dawn of the Information Age, access to computer technology was still very much
restricted and some people wanted to keep that way. But they were fiercely opposed by
people who believed access to computers and information should be as free and open as
possible. These two sides were engaged in a digital dirty war over access to the computer
power. In the beginning, the Internet used be heavily
decentralized which allowed for greater distribution of information and computer power. For big
telecommunication corporations, this was a problem. They needed technology development
to be proprietary and hidden for the sake of dominant market position. It also made
it much more difficult for governments to control the public opinion and track social
movements hidden behind computer terminals. More than anything, both governments and corporations
feared hackers – people who believed access to computer technology should be free and
open. They were determined to break through those restrictions of corporate dominance
and government control. Before the Internet became mainstream, the
battlefield was taking place in bulletin-board systems. A bulletin-board system, or a BSS,
was a place of online meet-ups, where people could upload and download content, exchange
messages and emails, or read news and boards. They were also used by hackers to share information
and knowledge about hacking and computer systems. But they were also frequented by folks and
even experts from the telecommunications industry. And sometimes these experts didn’t like
what those boards shared about them. On a Thursday morning, March 1, 1990, the
United States Secret Service accompanied by AT&T security officials raided the business
of Steve Jackson Games, a popular publisher of role-playing box games, despite the fact
they had never done anything illegal or suspicious. The raid happened because an AT&T crime expert
didn’t like the people who frequented SJG’s bulletin board. Agents of the Secret Service
seized all of the working and computer equipment, which prevented SJG from conducting the business
for several months. No one from the SJG was charged or arrested the Steve Jackson Games
even won a suit against the US Secret Service for a wrongful raid and invasion of privacy.
and later on, But the raid on Steve Jackson Games was only
one of many during the Hacker Crackdown. An 18-month-long campaign of the US Secret Service
raids and vaguely warranted searches and seizures of hundreds of businesses and homes across
the United States. This is a story of people, for whom cyberspace was a war zone.
One busy morning security officials at Indiana Bell received a very strange phone call. An
adolescent voice boasting about his hacking powers threatened to crash their national
telephone network. He said that they planned to do it together with his “friends” from
the Legion of Doom on July 4th 1989. He hangs up and Indiana Bell rushes to inform
the Secret Service. It isn’t hard for them to track down the caller’s location. It’s
a 16-year-old boy based in Indiana who goes by the name of Fry Guy. The Secret Service
would then install pen register on his phone lines to collect metadata from his incoming
and outgoing phone calls. They would find prove of a long list of Fry Guy’s criminal
activities. But the secret agents also got something much more valuable – a lead on three
Atlanta-based members of the Legion of Doom – Urvile, Prophet, and Leftist.
Fry Guy met with the Atlanta Three only through online hacker boards where hackers commonly
exchanged their knowledge and experience. By teaching Fry Guy about computer intrusion,
no one from Urvile, Prophet or Leftist knew they were digging their own graves.
Fry Guy cared more about his self-gain than he cared about his “friends” and the hacker
culture. By the time Secret Service began following him, he would pile up a very a long
criminal record. Among many of his illicit activities, Fry
Guy once hacked into local MacDonald’s records and gave his friends working there illegitimate
raises. He also found it amusing to redirect calls of Palm Beach County Probation to a
sex worker. He didn’t get caught. So he stepped up his game.
In December 1988 Fry Guy started targeting Western Union. He would steal their customers’
credit card credentials and then social-engineer employees to ask for cash by posing as a legitimate
client. He didn’t get caught for whole 7 months and would steal $,6000 this way.
And that’s when the weight of Fry Guy’s successes snapped his 16-year-old brain and
he made that bragging phone call to Indiana Bell. Getting attention from federal agents
would also put the Legion of Doom in jeopardy. The Secret Service installed pen registers
on phone lines of Prophet, Leftist, and Urvile. On July 22, 1989, the federal agents from
the Secret Service accompanied by police and Bell security officials raided the homes of
the Atlanta Three and Fry Guy. These raids turned out to be a gold mine for
the Secret Service. The Legion of Doom thought they had done nothing
wrong. Fry guy, however, was a wicked coward. While all four of them agreed to cooperate
fully, Fry Guy did something more. Being the only elephant in the room who actually stole
money he blamed all of his corrupted intentions on the Atlanta Three.
Fry Guy agreed to testify against the Legion of Doom. The Secret Service would then use
his long list of criminal charges to describe the activities of Legion of Doom in a public
propaganda. But the Legion of Doom was a totally different
breed than Fry Guy. For the Legion of Doom, hacking was a crusade for open access to the
computer revolution. They didn’t have criminal intent. They did indeed intrude computer networks.
But they never crashed or stole anything. Even if they obtained a proprietary software,
they would never make money off of it. It was their philosophy as hackers. They believed
corporations and governments shouldn’t restrict access to computer technology and that it
should be as free and open as possible. This is why one of the most frequent “victims”
of early hackers were companies like Apple or or big telco industry who liked to claim
monopoly on wisdom, despite the fact they built their successes on the backs of someone
else. This stigma between Apple and true hackers continues to this date.
Needless to stay, intentions of the Legion of Doom didn’t really matter to the law
enforcement. Cyberspace wasn’t attractive only for hackers and telco industry. It was
a vast new area where the government could expand their powers too. For law enforcement
agencies, including the Secret Service, cracking down on hackers, malicious or not, was a matter
of bureaucratic politics. They wanted higher budgets and thus needed to persuade Congress.
For the Secret Service, the Legion of Doom was their scapegoat. They had an underground
hacking group who promised to break the rules and Fry Guy’s crimes to prove their point.
Raids on the Atlanta Three also revealed the true face of who is on which side. In all
three raids, agents of the Secret Service were accompanied by corporate security officials
from BellSouth. They were the ones who determined the guilt of the Legion of Doom. They estimated
a price tag of their intrusions, and the Secret Service would take it at face value. It was
Bell Security officials primarily who decided what would be seized and worth the investigation.
It was as if corporations and government acted inseparably as one body.
At the time, none of the Atlanta Three were arrested or charged. But the raid on Prophet
would give the Secret Service a crucial lead to hunt down the rest of the Legion of Doom.
Prophet was in possession of a proprietary document he obtained while breaking into BellSouth’s
centralized automation system in early September 1988. Shortly referred to as E911, it was
a 12-page-long non-technical document describing Bell’s emergency response system.
Prophet didn’t damage or delete anything from the Bell system. He took E911 as a mere
trophy. He wanted to boast with his hacker skills so he sent a copy of E911 to Knight
Lightning, the editor of a popular hacker magazine PHRACK where they decided to publish
the document. Being too scared of the consequences, Prophet and Knight Lightning edited out all
of the identifiable or potentially sensitive information, essentially shortening the document
by half. On February 25, 1989, Knight Lightning published the heavily edited E911 in PHRACK.
However, before Knight Lighting even obtained E911, BellSouth officials had already known
about it. Prophet made a back-up of E911 on Jolnet board run by Richard Andrews. Andrews
examined the E911 and decided to pass it to his friend working as an AT&T communications
specialist. Being suspicious, Andrews’s friend then forwarded the document to Jerry
Dalton, from AT&T Corporate Information Security and a US Secret Service adviser. Dalton consulted
with Henry Kluepfel, a BellCore expert on telecommunications fraud, what to do. Kluepfel
determined the incident doesn’t deserve their attention and decided to do put it aside
for next 16 months. Until a nerve-wrecking event would suddenly change their position.
It’s Monday afternoon, January 15, 1990. An AT&T’s long-distance telephone switching
station in Manhattan crashed. Nothing too out of the ordinary. Telephone networks are
expected to have blackouts. Earthquakes, floods, fires, or winds can all easily break parts
of the system. This time, however, was different. Station after station across the US, telephone
switches began to crash one after another. 60,000 people lost their telephone service
and 70 million phone calls went uncompleted. This crash was unprecedented and no one knew
why it happened. One thing was clear- it wasn’t due to a physical damage.
For the law enforcement this was a proof of a danger they’ve been longing for. The crash
was too big to be blamed on natural causes. There must’ve been someone behind it. The
law enforcement already had someone like that – hackers. They were preparing for a war
against hackers and all they needed now was just a spark. The crash of AT&T network that
happened on the Martin Luther King Day appeared way too coincidental to be just an accident.
The Secret Service wouldn’t hesitate to crackdown on their scapegoat. The first prey
to the insidious beast was Knight Lightning. Three days after the crash he was visited
by Secret Service agents Foley and Golden along with Bell security officials. They would
search his house and accuse Knight Lightning of the crash. When that didn’t work, as
Knight Lightning had no idea why they were associating him with the crash, Foley confronted
him about the E911 document. Knight Lightning would handle the Secret Service a complete
run of Phrack and would agree to cooperate fully. He was to be in deep trouble for possessing
the document, which the Bell security officials estimated to cost $79,449. A day later Knight
Lightning was indicted for interstate transfer of a stolen property.
The Secret Service continued the manhunt on the Legion of Doom, or anyone associated with
them or the E911 document. On January 24, the Secret Service raided homes of another
three members of the Legion of Doom – Acid Phreak, Phiber Optik, and Scorpion. Raid forces
burst through their doors with guns drawn and would seize all of their computers, notes,
audio tapes, hard disks, floppy disks, telephone answering machines, and even books. When asking
what they had done to deserve so much attention, they were all accused of causing the AT&T
crash. It seemed very odd that the Secret would conduct
a second raid and accuse four people for the crash that the AT&T had officially admitted
to be caused by a software bug. Indeed, on January 17, AT&T’s Chief Executive Officer,
Bob Allen issued a public apology: “AT&T had a major service disruption last
Monday. We didn’t live up to our own standards of quality, and we didn’t live up to yours.
It’s as simple as that. And that’s not acceptable to us. Or to you… . We understand how much
people have come to depend upon AT&T service, so our AT&T Bell Laboratories scientists and
our network engineers are doing everything possible to guard against a recurrence…
. We know there’s no way to make up for the inconvenience this problem may have caused
you.” Needless to say, not one of the trio Acid
Phreak – Phiber Optik – Scorpion, were charged with crime or arrested.
The Secret Service confiscated the Phrack magazine from Kngiht Lightning, which was
publicly available for free anyway, in the hopes of expanding their raiding list.
The most promising case was a 28-year-old hacker by the name of Terminus. Terminus was
a full-time specialist in telecommunications programming. He was once praised for his impressive
computer skills in an interview by Phrack. On February 1, the Secret Service decided
to raid his house in search for evidence. It turned out that Terminus was not in possession
of the E911 document. However, agents found a piece AT&T proprietary software on his computer.
Terminus had been sharing it with other hackers through multiple underground nodes. Jarry
Dalton from AT&T security would evaluate the software at $300,000, a figure which every
IT insider except for the the Secret Service doubted. Terminus have never made nor sought
to make any money. But the Secret Service already had an excuse to raid five more people
whom they suspected of possessing this document. Three days later, Terminus was arrested and
eventually sent to prison for illicit use of a piece of AT&T software. But for the Secret
Service it was a dead end, because none of the Terminus’s acquaintances was charged
with crime or arrested. When the raid on Terminus and his contacts
didn’t lead any further, the Secret Service decided to take a turn. One of the people
whom Terminus exchanged some bits of information was Richard Andrews. That Richard Andrews
who informed AT&T about a rogue of E911 copy on his Jolnet board. Now it was very convenient
for the Secret Service and AT&T to raid his house too. Andrews’s good faith to inform
a company about a possible breach had resulted in having his computer equipment seized from
both his home and workplace. Andrews, as the usual drill goes, was not charged or arrested,
but it started to be obvious that Prophet was the one who broke into BellSouth and accessed
E911. So on February 6, Prophet, Urvile and Leftist were arrested.
After the raid on Terminus, the Secret Service thought they were on track of an underground
gang pirating UNIX software. The Secret Service started following places Terminus frequented.
One such place was Elephant node owned by Robert Izenberg. Izenberg used to be a UNIX
contractor for AT&T. On February 21, the Secret Service led by agent Foley searched his apartment
in Austin, Texas and seized $20,000 worth of computer equipment. They pressured Izenberg
to admit he was in conspiracy with Terminus and the Legion of Doom. But as it usually
went, Izenberg had no idea what they were talking about. He was just a provider of a
frequently visited node by all kinds of people. The Secret Service was blaming a provider
for the crimes of his users. They took his Elephant node along with 800 megabytes of
1990 data of dozens of Izenberg’s innocent users as “evidence”. But this was another
dead-end. Izenberg didn’t know anything about E911 and he was not a member of the
Legion of Doom. He was not charged with any crime or arrested.
When it seemed like this was the end of hunt for E911, it started to become clear that
the document must have circulated among hundreds of boards and nodes all over the US. One such
board was the Phoenix Project, created by two hackers from the Legion of Doom – the
Mentor and Erik Bloodaxe. After what happened to the Elephant node, Mentor decided to shut
down the Phoenix Project. But it was too late. The Phoenix board wasn’t just visited by
hackers, but telco industry experts as well. And even by Henry Kluepfel, a BellCore telecommunications
crime expert. He knew that Phoenix ran Phrack, had the E911 document, and was a haven for
the Legion of Doom. On March 1, Kluepfel would accompany the Secret Service to raid houses
of both Mentor and Erik Bloodaxe. Neither of them were charged or arrested. But Mentor
was employed as a managing editor at Steve Jackson Games. And as you already know, in
heat of the Hacker Crackdown, Kluepfel advised the Secret Service to raid the business of
Steve Jackson Games on the same day. The raid on Mentor and Steve Jackson Games would mark
the end of the hunt for the E911 document. But the crackdown itself could not stop at
few individual cases. They needed something big. Unprecedented. Shocking. And many responsible
people seemed to be on their side. On May 8, 1990, the Secret Service would conduct
their largest crackdown yet. Operation Sundevil. Twenty-seven search warrants, 150 agents,
16 cities across America. The Secret Service seized 23,000 floppy disks, 40 computers,
25 online bulletin boards, and an undisclosed amount of paper documents. Board after board,
they seized computer equipment in search for evidence that was supposed to proof their
point in a final message to the public. With a crackdown of this scale, hundreds must’ve
been arrested and dozens put to jail. From all this effort, they only managed to make
three arrests. But that was enough. Publicly dubbed as crackdown on credit-card fraudsters,
Operation Sundevil was never meant to be about mass arrests of criminals. It was about mass
searches and seizures in digital realm. That’s where the police wanted to expand their power.
That was the unopened door behind which was unchecked power of government surveillance.
At this point, constitutional protections haven’t expanded to cyberspace yet and the
law enforcement wanted to prevent that from ever becoming a reality. And that was the
point of the Hacker Crackdown. That was the point in their message.
“Today, the Secret Service is sending a clear message to those computer hackers who have
decided to violate the laws of this nation in the mistaken belief that they can successfully
avoid detection by hiding behind the relative anonymity of their computer terminals.(…
) “Underground groups have been formed for the
purpose of exchanging information relevant to their criminal activities. These groups
often communicate with each other through message systems between computers called ‘bulletin
boards.’ “Our experience shows that many computer hacker
suspects are no longer misguided teenagers, mischievously playing games with their computers
in their bedrooms. Some are now high tech computer operators using computers to engage
in unlawful conduct.” This message was broadcast to the press from
Assistant Director of the US Secret Service, Garry M. Jenkins. This is, of course, an obligatory
part of keeping healthy public relations. But when you dissect this message, you’ll
see the long-term strategic goals the Secret Service laid out for the future of US law
enforcement. First, the message warns there is a new kind
of danger – anonymous hackers who organize on digital underground to threaten the public
and even national security. Second, this danger is imminent and growing. Hackers are acquiring
new skills, are very well equipped and even infiltrated high level position in tech industry.
And finally, the US law enforcement led by the Secret Service is the most committed to
face this danger. Only they have an unparalleled experience and determination to deal with
this threat and take it to the front to fight these dangerous underground hackers.
If architecture of this message sounds familiar to you, that’s because this very formula
has been repeated in response to every major security issue by the US Government. Replace
hackers with terrorists, and you got yourself perfect “rally-round-the-flag” speech
to persuade the whole nation to go to war or install a total surveillance state. You
can see the same rhetoric is being used by the Russia gate or the drug war narrative.
Always create an assumption of great evil that’s imminently dangerous, and showcase
yourself as the most capable to handle it. And soon, you’ll enjoy the power to determine
what’s right and wrong. These narratives are carefully worded this
way for a reason. They are intended to lead towards expansion of jurisdictions and allocated
budgets. It’s especially true for the Hacker Crackdown as most people the Secret Service
raided were never charged or arrested. The threat of malicious hackers the message from
the Secret Service warned about was actually abysmally small. Operation Sundevil arrested
only three actual credit-card fraudsters and none of the arrested hackers from the entire
Hacker Crackdown ever damaged or deleted anything. The marketing magic of the Hacker Crackdown
didn’t work on a group of civil libertarians who were alarmed by the government’s determination
to crackdown on computer crime without fundamentally understanding the computer technology. They
realized that with the expansion of computers, civil liberties are in danger.
One of them was John Barlow. He had a first-hand experience with the Hacker Crackdown when
he was visited by FBI agents in Wyoming. They questioned him about a stolen source code
from Macintosh simply because an Apple official advised FBI to go to him. Barlow had nothing
to do with the Macintosh incident and this FBI visit would leave a mark on him. He got
in touch with Mitch Kapor who also reported a similar incident. Barlow and Kapor decided
to raise funds in defense of hackers facing jail time over vaguely defined computer crimes.
Their initiative quickly gained publicity. John Gilmore and Steve Wozniak, the co-founder
of Apple, provided further financial support. And that’s how the Electronic Frontier Foundation
was born. The first case for the EFF was the trial of
Knight Lightning on July 24, 1990. Knight Lightning was accused of stealing the E911
document from BellSouth. He pleaded innocent and declared his action of merely publishing
the E911 was protected under the First Amendment. His case was investigated by Henry Kluepfel.
He determined the cost of the 12-page long document at $75,000 as the sum of computer
equipment, resources, and human labor. Kluepfel also accused Knight Lightning of distributing
a dangerous weapon, as he argued the E911 was a “road-map” to the Enhanced 911 system.
And the court took his claims at face value. Knight Lightning was facing 30 years of prison
time. But they had several major flaws. First of all, the cost of the document seemed
way too arbitrary. The defense of Knight Lightning discovered BellSouth was giving this document
to anyone who asked enclosed in a catalog they were selling for $13. And as for Kluepfel’s
second claim, the E911 document contained no technical details, no access codes or passwords,
nothing that would help anyone break in to the Enhanced 911 system. The document merely
described the hierarchy of personal responsibilities and as such, was completely useless in breaking
into computer systems. On July 27, the case was dropped and Knight Lightning was a free
man. At the cost of owing over a $100,000 to his lawyers, despite generous contributions
by the EFF. Knight Lightning’s case would shred the
public credibility of the Hacker crackdown. Nonetheless, other cases didn’t end so victoriously.
Prosecutors failed to prove the Legion of Doom was behind the AT&T crash in January,
or credit card fraud. But still all three Atlanta members of the Legion of Doom were
pressured to plead guilty for intrusion. Urvile and Lefist got 14 months of jail time and
Prophet was sentenced to 21 months. The Atlanta Three also had to pay staggering $233,880
in fines. This is how much BellSouth evaluated their computer passwords and addresses. This
price was not divided among the three, but each one had to pay the full sum individually.
As a cherry on top, the Atlanta Three were forbidden to use computers. The EFF protested
that this punishment was unconstitutional as it would deprive their rights of free association
and free expression through electronic media. Terminus was sent to jail to a year for his
crime of a transferring a UNIX password trapper, again valued by AT&T at $77,000. Acid Phreak
and Scorpion were sent to prison for six months, six months of home detention, and 750 hours
of community service. Phiber Optik was sentenced to a year in prison. Fry Guy, the only real
thieve, was sentenced to forty-four months’ probation and four hundred hours’ of community
service. Steve Jackson Games decided to sue the US
Secret service for damages inflicted by the raid and seizure of essential business equipment.
The court awarded SJG $50,000 in statutory damages and $250,000 in attorney’s fees.
The judge rebuked the Secret Service, suggesting they had no basis to suspect SJG of any wrongdoing.
For AT&T, the Hacker Crackdown was a blessing. At the time of the nationwide crash in January
15, 1990, it turned out to be very fruitful that the law enforcement publicly blamed hackers
for a disruption caused by a bug in AT&T software. This crash, however, wasn’t the only one.
In July 1, 1991, a single mistyped character in a computer software collapsed switching
stations in Washington DC, Pittsburgh, Los Angeles, and San Francisco. The collapse left
12 million people affected. When the New York Times reported on the incident they still
considered the possibility of a hacker sabotage. But when another crash happened 2 months later,
in September 17, vilifying hackers proved to be a fallacy. AT&T was a laughing stock
for regulators and industry competition alike. MCI, AT&T’s long-time rival, capitalized
on this by marketing their long-distance services for the “next time that AT&T goes down.”
AT&T saw the Hacker Crackdown as an opportunity to claim monopoly over network markets but
their own inability to keep their networks stable resulted in a fiasco. At least for
that time. Cracking down on hackers was a war on their
ideology. Telco industry didn’t like that hackers believed software should be free and
open. That’s not how you become a monopoly. And if their ideology attracted law makers,
their business strategies was in jeopardy. Opening up access to computer technology would
enable individuals to compete directly with big corporations and they couldn’t let that
happen. Allying with the Secret Service to portray telco corporations as victims of underground
hacker gangs managed to achieve the desired results. It became politically incorrect to
align with original hacker ideas. None of the constitutional principles extended to
cyberspace. And more than 20 years later, we learned that secret government agencies
continued to collaborate with tech industry to penetrate the digital realm and take full
control of the cyberspace. But true hackers still exist. People who value
principles over personal loyalty are still alive. Despite the ongoing war on Internet
freedoms, privacy is not completely dead and freedom of speech is still breathing. These
people are still hated, vilified, and hunted by the coalition of corporations and governments
around the world. But the fight is far from over.