Pentagon 'Hacker' Speaks Out

by James Glave

12:17pm 3.Mar.98.PST

http://www.wired.com/science/discoveries/news/1998/03/10666

One of the two teenagers rousted last week by the FBI for hacking government servers said that he still has high-level access to hundreds of government and military networks. Further, the youth said colleagues, upset with the way his story has been sensationalized by the media, are planning online "retaliatory actions."

The hacker, who goes by the name Makaveli, made the comments in several phone interviews and email exchanges with John Vranesevich, founder of the computer security group AntiOnline.

Vranesevich has published several excerpts from his conversations with Makaveli on his Web site, which is dedicated to educating the public on computer security issues. Over the course of five phone call interviews, the youth, a junior in high school in Cloverdale, California, said he wanted to set the record straight about his encounter with the FBI last week.

"They came into my house, took me in the living room, and started taking all of the computer equipment from my room," Makaveli told Vranesevich. "They didn't even leave the phone line leading from the wall to the modem," he began. "They took all of my CDs - music CDs, data CDs, my printer, speakers, everything," he said.

Vranesevich said that Makaveli had told him that he and his partner, who goes by the name TooShort, both lived in the same neighborhood and were both visited by federal agents on the same night.

"They were very upset by the way they were treated by the FBI, 'roughhoused' was the word they used," said Vranesevich, who said that Makaveli contacted him because of AntiOnline's reputation in the hacker community and its level-headed approach to security issues.

Makaveli was neither handcuffed, nor placed under arrest. And though agents removed all of his equipment, according to Vranesevich, the youth still has Internet access through his school, and has sent him email today.

"One of the things [the agents] came back to over and over was the 'LLNL' (Lawrence Livermore National Laboratory) - they wanted to know if he had read any files, if he remembered the names of any files and folders, if he knew if anything was classified," said Vranesevich.

Last week deputy secretary of defense John Hamre told reporters that in recent weeks the Pentagon had been the subject of the most organized and sophisticated network attacks to date. But according to Vranesevich, Makaveli said that Hamre had been overgeneralizing.

"Pentagon servers, that's basically what they call any .gov or .mil site it seems," Makaveli reportedly said, referring to the thousands of machines that are classified as government or military, but could be anything from servers holding Department of Agriculture statistics, to Army recruiting Web sites.

Hamre said that no classified systems had been accessed, but Makaveli suggested otherwise.

"The one site that [FBI agents] kept asking me about over and over was one that they called 'classified.' It was LLNL."

Vranesevich said that Makaveli told the agents that he didn't know which machines or files were classified, but that he had "rooted" - or obtained administrator-level access to - hundreds of machines, including those at the Lawrence Livermore Lab.

"His feelings were that [the FBI agents] were trying to go after this other guy from a different country, who was his mentor," said Vranesevich.

"He told me that this guy was 'so good, they'll never find him,' " Vranesevich said. "[Makaveli said] I don't even know who he really is. But he comes from a country where, if they were to know about him, they'd just shoot him in the head. That's why he has to protect himself so closely," Makaveli told Vranesevich.

Shoot him in the head? Never find him? Analyzer was caught pretty quickly.

The young security whiz said that the story of his accomplishments has been misrepresented by the media, the government, and the owner of Santa Rosa, California-based Internet service provider NetDex Internet.

"That guy [NetDex owner Bill Zane] is out for attention - and none of the hacks were done through there," Makaveli told Vranesevich. Instead, the youth claimed to have rooted NetDex servers and uploaded the very security tools that Zane later claimed to have used to track the pair down.

"That guy is out for attention"? And Makaveli talking to various news outlets is any better?

Zane told Wired News that Makaveli "used various machines, including ours, in a sequence of machines that he used to telnet in and telnet out to do their hacking." He confirmed that Makaveli had obtained root access on his servers, but that he did not have it anymore.

Vranesevich said that while Web servers are not supposed to contain any sensitive files, they are often used as a jumping-off point to access other machines inside a network. "[Makaveli and TooShort] would jump from box to box, because that would give them a 'host allow' (the required internal network access) to access another box," said Vranesevich.

Zane declined to provide details of Makaveli's techniques, or his own security measures, and instead blamed poor supervision on the part of the youth's parents and teachers.

"To use the information superhighway as a metaphor, you don't put a kid on the car and turn him out on the highway," said Zane, who said that teenagers' online activities should be very closely supervised. "It's one thing when it is a freestanding computer in a corner, it is another thing with computers on the Internet," Zane said.

Makaveli countered early reports that his motivations were political. "It's power dude, you know, power," he said, referring to the thrill of discovery that drives many hackers into illicit thrillseeking.

Vranesevich said that Makaveli and TooShort don't have extraordinary skills; they just got caught and then were made an example of.

"It's not a matter of people such as Makaveli knowing how to break in - they are just afraid of the consequences," said Vranesevich.

Makaveli ended his conversation by suggesting that his friends in the hacking community were considering retaliatory action - then hinted that more surprises are in store.

He got caught doing something illegal, and they want to retaliate?

"I'll warn the FBI now, that there [are] a lot of hacked servers they don't know about yet, but they're going to find out in a hurry," Makaveli told Vranesevich, then declined to elaborate further.

With the rate Makaveli talks to feds (see above), I doubt they will wait long before they know.