This article appeared in the August 22,1990 Wall Street Journal

Open Sesame
--------------
In the Arcane Culture Of Computer Hackers, Few Doors Stay Closed
--------------
Frank Darden Easily Broke Into BellSouth's Network
Trading Tips With Others
--------------
Entering the Legion of Doom
--------------
By John R. Wilke, staff reporter of The Wall Street Journal

ATLANTA- Frank Darden got his first computer at the age of 16, a
Christmas present from his parents. Sitting on a desk in his bedroom,
it opened a window on a world he found so consuming that he quit high
school and spent most days and nights at the keyboard.

His parents often wondered what their son found so compelling in the
endless hours he spent alone in his room. Then one afternoon last
summer, a dozen Secret Service agents burst into the family's suburban
home. Agents held Edward and Lou Darden at gunpoint as they swarmed
into their son's room, seizing scores of disks mloads of files and
three computers.

When Frank got home an hour later, the terrified young man confessed
that he had used his home computer to break into BellSouth Corp.'s
telephone network. In February, Mr. Darden and two others were
indicted on felony charges of conspiracy and wire fraud.

"I guess now my parents know what I was doing in my room." says a
remorseful Mr. Darden, a bright, impatient 24-year-old with
shoulder-length hair and a tie-dyed T-shirt.

Just Passing Through

Mr. Darden thus became another of the growing number of "hackers"

nabbed by federal agents. For a long time, these high-tech trespassers
operated in relative obscurity, using their computers and phone lines
to go where few people were meant to go. But lately, in a string of
highly publicized cases, hacking has moved towards the forefront of
white-collar crime. Increasingly, banks, businesses, credit bureaus and
telephone companies are discovering that someone, often in the dead of
night, has wandered into their computer systems- and left his mark.

As Mr. Darden's experience reveals, hacking has developed its own

subculture, rich with literature and legend and peopled by electronic
vandals, voyeurs and explorers known by fanciful code names. "Any
business that has a computer hooked to a phone is vulnerable," warns
Mr. Darden, who calls himself the "The Leftist." Before the bust, he
was one of the best.

Starting Early

An early target in the crackdown was the Legion of Doom, an elite

clique of hackers that included Mr. Darden and was targeted by the
Secret Service because of its members' notable skills. "The Legion of
Doom had the power to jeopardize the entire phonetwork," says Kent B.
Alexander, an assistant U.S. attorney prosecuting Mr. Darden's case in
Atlanta.

In a Secret Service affidavit filed in U.S. District Court in Atlanta,

BellSouth investigators call the Legion of Doom "a severe threat to
U.S. financial and telecommunications industries." Federal agents
suspect the Legion was responsible for software " time bombs" -
destructive programs designed to shut down major switching hubs-planted
in telephone company computers in Denver, Atlanta and New Jersy last
year. The programs were defused before causing damage, investigators
say, but the intrusions, which weren't disclosed by the phone
companies, could have knocked out service to hundreds of thousands of
customer phone lines.

The government sweep so far has bagged a motley band, mostly loners and
young rebels in their teens or early twenties. In past cases, many of
the hackers who have admitted breaking into computers have insisted
that they didn't damage the systems they penetrated. They did it for
sport.

"There's no thrill quite the same as getting into your first system,"
says Phrack, an electronic magazine run out of a University of Missouri
dorm and accessed by computer. Before it was shutdown in the latest
sweep, Phrack (for phone-freak hacking) published tips on cracking
computer security. One issue offers a "hacker's code of ethics," which
advises, "Do not intentionally damage any system" or alter files "other
than the ones you need to ensure your escape." Another rule: "Don't be
afraid to be paranoid. Remember, you are braking the law." Mr. Darden
says he strictly adhered to the code.

But the hackers' creed means nothing in court. There, hacking is

treated much like any other form of criminal trespass under a law
Congress passed in 1988. The law persuaded many hackers to end their
illicit forays. But it turned other hobbyists into criminals.

During his hacker days, Mr. Darden's world was an oddly solitary one.
For hours on end he sat in front of the computer screen, finding his
only human contact in the words and arcane code that arrived via
computer from other hackers. "Once he got into ubject, there was no
stopping," recalls his mother. "he was always studying up on
something. He read encyclopedias as a pastime."

Geography was meaningless; friends from around the world were just a
few keystrokes away, thanks to modems that connect computers through
the phone lines. Mr. Darden says he has struck up many lasting
friendships on-line with people he has never met in person.

In this silent, cerebral world, age is also irrelevant. Only computer

skills count. Once on-line, a hacker can be anyone he or she wants to
be. "No one knows if you're fat, pimply, or scared to talk to girls,"
says Sheldon Zenner, a Chicago attorney w recently defended an editor
of Phrack on felony wire-fraud charges. "Suddenly you're no longer
just the shy adolescent, but Knight Lightning or The Prophet."

Tough Choice

"It's a compulsion for some of these people," adds Mr. Alexander, the
Atlanta prosecutor. "I'm convinced that if Lotus 1-2-3 was behind Door
No. 1, and Cheryl Tiegs was standing behind Door No. 2, a hacker would
go for the software.

Mr. Darden recounts his hacking days with disapproval- and just a touch
of pride. He broke into his first system at the age of 17, dialing his
way into a big computer at Hayes Microcomputer Products Inc., in
Norcross, Ga., and nosing around the system I didn't take anything, I
was just trying to see if it could be done," he says now. Hayes
uncovered the breach and quickly tightened security, he says.

Hacking sessions often stretched into the early morning hours. He would
start by checking lists of computer phone numbers collected by his
computer the night before through an automatic process called "war
dialing." That's the brute force approach to king, when the computer
runs through the night, methodically dialing every number in a
telephone exchange. It records the number whenever it hits a "carrier
tone" signaling a computer is on the other end.

In a typical night of war dialing, in which the computer might check

thousands of numbers, perhaps 100 computer carrier tones would be
unearthed, "each one a potential treasure chest," Mr. Darden says. He
would then begin calling down the "hit list" with his computer, each
time trying to determine what kind of system was on the other end. Fax
machines were a problem, because they emit a tone that sounds like a
computer, so he wrote software that ignored them.

Hello, Are You There?

Each kind of computer had a distinctive response to his call, so he

would tailor his approach to the type of system he encountered.
Computers that used the Unix software operating system were especially
easy to break into, while Digital Equipment Corp.'s VAX computers,
which have multiple levels of security, presented a bigger challenge.
But he says he was fond of the VAX because of its widely used software.
"For a hacker, the VAX is like putting on an old Jimi Hendrix record in
a bar- it's a real clasic." Using purloined telephone credit-card
numbers, which his computer generated through a trial and error, he got
into computers all over the world, including an encounter with a VAX
that spoke Finnish.

He devised password-cracking programs that automated the hacking

process. He also devised a program that let him capture legitimate
users' passwords as they logged onto the system. When he found a
password the target computer recognized, his screen wo typically
respond with a prompt, such as a sign. "Once you get that, you have an
open door," he says. Often he would play "cat-and-mouse games" with a
company's computer operators. "I'd send a little greeting to their
printer, to let them know I was there. It drove them crazy."

Credit bureaus were a favorite target. And, despite the warnings of

other hackers that it might give him away, his first move was to look
up his own credit report. "Naturally, I didn't have one," he says. He
found his parents' report, and looked up ot s for friends.

To make the process more efficient, and to show off, Mr. Darden and
other hackers traded phone numbers and system-cracking tips on pirate
"bulletin boards"- computer systems that store and forward text and
electronic mail over phone lines. "Black Ice" is one such board.
Access was tightly limited to an elite circle.
 No Busy Signal Here

Mr. Darden's biggest thrill as a hacker- and ultimately his downfall-

came when he broke into a big BellSouth computer in Atlanta used by
technicians to maintain and control the phone system. He learned how to
navigate within the system by asking questions of BellSouth's own
on-line "help" program. Once inside, he found he had the ability to
reroute telephone calls or bring down switching centers, neither of
which he says he did. Mr. Darden did, however, listen in on a few phone
lines, but only those of other hackers, he insists, and only to prove
his prowess.

"If we wanted to, we could have knocked out service across the
Southeastern U.S.," he says. "The fact that I could get into the
system amazed me. But we were careful not to damage anything."

Not surprisingly, when BellSouth discovered hackers were rummaging

through its computer, it reacted swiftly. It put 42 investigators on
the task of tracking the intruders down, and spent $1.5 million on the
effort. Once it found the source of the intrusions, it called the
Secret Service, which enforces computer-crime laws.

In the indictment, Mr. Darden and two co-defendants, Robert J. Riggs,

21, a.k.a. The Prophet, and Adam E. Grant, 22, a.k.a. The Urvile, were
charged with taking copies of proprietary software from BellSouth
during their ramblings in the system, and with unauthorized intrusion,
possessing illegal phone credit-card numbers with intent to defraud,
and conspiracy. Messrs. Darden and Riggs pleaded guilty to conspiracy
and face a maximum of five years in prison and a $250,000 fine. Mr.
Grant pleaded guilty to possessing BellSouth computer access codes with
the intent to defraud and faces a maximum of 10 years in prison and a
$250,000 fine. Sentencing is scheduled for Sept. 14.

The only good thing to come out of the whole experience, Mr. Darden
muses, is that after he was indicted, his high-school sweetheart- whom
he often spurned in favor of his computer- saw his picture on the
front page of the local paper and got back in ch.

Mr. Darden, who now works installing systems for a local computer
company, views himself as a purist, hacking for the thrill of exploring
the forbidden. He looks down on those who use their skills simply to
steal phone and credit-card numbers. But in thi s game, information is
everything, and not even Mr. Darden can control its spread. During
their sweep, federal agents have found some hackers using code-cracking
information dug up by the Legion of Doom to perpetrate their own
practical jokes and fraud.

For a few days last year, for example, phone calls to the Delray
Beach, Fla., probation office were mysteriously rerouted to a
dial-a-porn line in New York. Secret Service agents say it's the kind
of thing the Legion might have done.

And in Elwood, Ind., a 15-year-old calling himself Fry Guy allegedly

used information he got from the Legion to carry out an elaborate
fraud. Secret Service agents say he used his computer to break into a
credit rating service in Maryland to pilfer VISA and MasterCard credit
information. He then entered BellSouth's control network and altered a
pay phone on a street corner in nearby Paducah, Ky., to residential
status. Next, he called Western Union and had cash wired out of
credit-card accounts to the Pa ducah Western Union office. When Western
Union called the credit-card holders to verify the transactions, the
calls were forwarded to the pay phone and then to the youth's home
phone, where he posed as the credit-card holders and gave approval. The
cash w as then picked up at the Western Union window, investigators
say.

In all, Fry Guy siphoned more than $10,000 in cash and purchases from
credit-card accounts, alleges William M. Gleason, the Secret Service
investigator. He also found evidence that Fry Guy, whose name hasn't
been released, hacked his way into a payrol computer for a local
McDonalds Corp. outlet, giving pay raises to his friends working at
the restaurant.

Fry Guy's case is being handled by state and federal juvenile

authorities and, because of his age, it is unclear what punishment he
might get. At the very least, his parents are likely to watch the
family phone bill more closely. In a recent meeting w federal
prosecutors, Fry Guy's exasperated father wore a baseball cap bearing
the legend "Kids: They'll drive you crazy."

Federal agents admit that, when they detect an intruder inside a

computer, there isn't any way of telling if it's a precocious teenager
or a crook out to commit fraud. So they simply execute the law.

"When a hacker gets into a system, it's no different from a burglar

breaking into your home or office," says Secret Service agent James
Cool. If the door is open, the law treats a trespasser differently, he
adds. But if a hacker cracks a password to g into a system, "it's the
same as kicking in a locked door- and we're going to come after them."

Ed Darden wishes he had known all of this before he gave his son that
Apple II for Christmas eight years ago. "I'd have thought twice about
it," he says. "Maybe we should have given him a bicycle."

*end of file*