Tolmes News Service 13
#######################################
# #
# #
# ======== =\ = ====== #
# == = \ = = #
# == = \ = ====== #
# == = \ = = #
# == = \= ====== #
# #
# #
# <Tolmes News Service> #
# ''''''''''''''''''''' #
# #
# #
# > Written by Dr. Hugo P. Tolmes < #
# #
# #
#######################################
Issue Number: 13
Release Date: November 19, 1987
TNS Issue #13 will try to help explain the events concerning an article about
Capt. Zap in the Wall Street Journal.
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
TITLE: It Takes a Hacker to Catch a Hacker As Well as a Thief
FROM: The Wall Street Journal
DATE: November 3, 1987
Ian Murphy Helps Companies Catch Computer Pirates; But Whose Side Is He On?
By Dennis Kneale
PHILADELPHIA- It is almost 2 a.m., and the room is dark but for the
phosphorous glow of the computer screen that illuminates the cherubic face of
Capt. Zap. He taps the keyboard in his lap and searches for "hackers" who
break into computer systems for fun or malice.
"We've got one," Capt. Zap says. He starts an on-screen dialogue with
the hacker and asks for phone numbers to corporate data bases that might be
fun to hack into. The hacker advises that the best place to look tonight is
the "Holiday Inn," a secret electronic bulletin board that lists such numbers.
The captain heads thataway. Capt. Zap, actually Ian A. Murphy, is well-known
as one of the first convicted computer-hacker thieves. He has since
reformed- he swears it - and has been resurrected as a consultant, working the
other side of the bulletin boards and the right side of the law. His
detractors doubt it.
CRIME CREDENTIALS
Other consultants, many of them graying military veterans, try to flush
out illicit hackers. But few boast the distinction of a real hacker-and one
with a felony among his credentials. Capt. Zap is more comfortable at the
screen than in a conversation. Asked to name his closest friend, he shakes his
head and throws up his hands. He has none. "I don't like people," he says.
"They're dreadful."
"He's legendary to the hacking world and has access to what's going on.
That's a very valuable commodity to us," says Robert P. Campbell of
Advanced Information Management in Woodbridge, Va., Mr. Murphy's mentor,
who has hired him for consulting jobs. The 30-year-old Mr. Murphy is
well-connected to his nocturnal netherworld. Every night till 4 a.m.,
he walks a beat through some of the hundreds of electronic bulletin boards
where hackers swap tales and techniques of computer break-ins. They trade
passwords. They debate the fine points of stealing long-distance calls. They
give tutorials: "Feds: How to Find and Eliminate Them." It is very busy these
nights. On the Stonehenge bulletin board, "The Marauder" has put up a
phone number for Citibank's checking and credit-card records, advising,
"Give it a call." On another board, Mr. Murphy finds a primer for rookie
"hacklings," written by "The Knights of the Shadow." On yet another, he sifts
out network codes for the Defense Department's research agency.
He watches the boards for clients and warns when a system is under
attack. For a fee of $800 a day and up, his firm, IAM/Secure Data Systems Inc.,
will test the security of a data base by trying to break in, investigate how
the security was breached, eavesdrop on anyone you want, and do anything else
that strikes his fancy as a nerd vs. spy. He says his clients have included
Monsanto Co., United Airlines, General Foods Corp. and Peat Marwick. Some
probably don't know he worked for them. His felony rap- not to mention his
caustic style - forces him to work often under a more established
consultant.
"Ian hasn't grown up yet, but he's a technically brilliant kid," says
Lindsey L. Baird, an Army veteran whose firm, Info-Systems Safeguards in
Morristown, N.J., has hired Capt. Zap. Mr. Murphy blames corporate "stupidity"
and laziness for the hacker problem. He says companies aren't alarmed enough
over the lapses, and he blares the blunt message on "Good Morning America,"
at industry seminars and in technical papers. His kinds of services are much
in demand these days, even if his blunt criticisms aren't. Computer break-ins
cost companies millions of dollars each year in corporate espionage, fraud and
hassle. The accounting firm of Ernst & Whinney puts computer-fraud losses at
more than $3 billion a year. Other experts say any figures are bogus
because most thefts of data, software and such things as credit-card
information aren't reported.
Companies don't like admitting they were outfoxed by techies barely
old enough to vote. Lots of hackers have been busy lately. Agents recently
busted "Shadow Hawk," 17-year-old Herbert Zinn of Chicago. He hacked into
American Telephone & Telegraph Co. systems and allegedly heisted software
worth $1 million by "downloading" it to a home computer.
RUINED RESEARCH
This summer, hackers in West Germany tapped into the U.S. space
agency's European network, peeking at files on booster rockets and shuttle
contracts. One of them changed a variable in a scientist's equation from pi
(3.14159265) to 7, ruining two months of research.
Capt. Zap views this underworld from a frighteningly cluttered apartment
on the city's north side. Short and pudgy, he hovers at the screen
surrounded by an electronic arsenal: closed-circuit video, printer, police
radio, TV, eavesdropping gear, auto-dialer, shortwave radio, oscilloscopes
and other gizmos.
"He's in control, it's his little world," says his wife, Carole Adrienne,
who uses her psychology training to analyze the hacker mind-set. The place
is so messy she refuses to live there. When they were first separated, Mr.
Murphy admits he spied on her. "I'm an extremely jealous man," he says, "and I
have the technology to stop any man." Says she: "You never know when the
surveillance ends."
Mr. Murphy's electronic voyeurism started early. At age 14, he woul back yard to tap into the phone-switch box and listen to
neighbor's calls. (He still eavesdrops now and then.) He quit high school at
age 17. By 19 he was impersonating a student and sneaking into the computing
center at Temple University to play computer games.
EASY TRANSITION
From there it was an easy transition to Capt. Zap's role of breaking
in and peeking at academic records, credit ratings, a Pentagon list of the
sites of missiles aimed at U.S., and other verboten verbiage. He left even
his resume inside Bell of Pennsylvania's computer, asking for a job.
The electronic tinkering got him into trouble in 1981. Federal agents
swarmed around his parents' home in the wealthy suburb of Gladwyne, Pa. They
seized a computer and left an arrest warrant. Capt. Zap was in a ring of
eight hackers who ran up $212,000 in long-distance calls by using a "blue
box" that mimics phone-company gear. They also ordered $200,000 in hardware
by charging it to stolen credit-card numbers and using false mail drops and
bogus purchase orders. Mr. Murphy was the leader because "I had the most
contempt" for authority, he says. In 1982, he pleaded guilty to receiving
stolen goods and was sentenced to 1,000 hours of community service and 2 1/2
years of probation. "It wasn't illegal. It was electronically unethical," he
says, unrepentant. "Do you know anyone who likes the phone company? Who would
have a problem with ripping them off?"
Mr. Murphy, who had installed commercial air conditioning in an
earlier job, was unable to find work after his arrest and conviction. So the
hacker became a hack. One day in his cab he picked up a Dun & Bradstreet
Corp. manager while he was carrying a printout of hacker instructions for
tapping into Dun's systems. Thus, he solicited his first consulting
assignment: "I think you need to talk to me." He got the job.
Now Mr. Murphy treads a thin line between the hackers he reveres and the
corporate clients he reviles. The line is so thin that critics doubt that his
reformation is real. "Ian is a nice guy, I like him. I just don't trust his
ethics. I think he's still on both sides of the law," says Carl Jackson, a
security executive at Ford Motor Co. Some say Mr. Murphy is more loyal to
hackers than clients. He claims to employ the nation's top 10 hackers to
break into client computers. This gives executives the jitters. Once hackers
find a way in, while getting paid to do it, what is to stop them from breaking
in again later on? Mr. Murphy won't disclose who is behind a break-in and
won't help catch the culprit. He even advises hackers how to detect bugging
by the feds. "I am not a bounty hunter," he says.
As a consultant, Mr. Murphy gets to do, legally, the shenanigans that
got him into trouble in the first place. "When I was a kid, hacking was
fun. Now I can make money at it and still have a lot of fun." He loves
"tiger teaming," testing a client's security by breaking into his computer
by any means necessary.
In tiger teaming, Mr. Murphy has even crawled through garbage bins in
searchiscarded passwords (To demonstrate this on a moonlit
walk at 3 o'clock one morning, he rips open a dozen trash bags outside an
office building and exposes reams of papers.) Wearing a yellow slicker
labeled "Bell of Pennsylvania," he bluffed his way into an insurance
office posing as a repairman. Once inside, he made a beeline for the
computer room. The inspiration for such capers? Old reruns of "Mission:
Impossible," he says.
Some clients get queasy over his methods. Mr. Murphy had a row with Peat
Marwick when one official balked at his criminal record and how he tiger-teamed
the insurance office. Mr. Murphy says the accounting firm at first wouldn't
pay him the $24,000 he was owed, but it relented. Gary G. Goehringer, a Peat
Marwick manager, confirms he hired Mr. Murphy for two jobs and stresses he was
under close supervision at all times.
Now Ian Murphy looks to his next job. A Chicago company in a
patent-infringement dispute suspects that a rival stole secrets by hacking
into its computer system. Mr. Murphy may tiger-team the client's computer
system to see whether getting is doable. Better yet, he may break into
the rival's computers to see whether the client's data are stored inside. He
must check the legalities, or lack of them, for what doing this. Capt. Zap
can barely wait.
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
NOTA:
The notes on this article will be extremely long.
Capt. Zap claims that he is not a "bounty hunter" but there are a few
things to consider:
======================================
"It Takes a Hacker to Catch a Hacker"- Does Capt. Zap catch hackers?
"Ian Murphy Helps Companies Catch Computer Pirates"- Does he really catch
computer pirates (hackers)?
"He taps the keyboard in his lap and searches for 'hackers'"- Again, does he
go searching for them? Like a bounty hunter?
"He walks a beat through some of the hundreds of electronic bulletin boards
where hackers swap tales and techniques"- Walks a beat? Like a cop?
"working the other side of the bulletin boards and the right side of the
law"- Is he on the "other side"?
All of the quoted material comes from the article. The impression that Capt.
Zap tracks them down actually seems to be false. He does NOT work like John
Maxfield (Cable Pair) and the article states that he is not a "bounty hunter"
or is involved in the busting of hackers. Capt. Zap tries to get this across
in the article but the writer of the article should be blamed for any type of
view that Capt. Zap works for the "other side." Capt. Zap does do security
work (as do many other hackers) but don't think of him as a threat or some
agent sent out to infiltrate bulletin boards. Most of his security work is in
protecting systems. Interested persons who would like to employ his services
should contact him (which shouldn't be too difficult since he is on many
bulletin boards across the country.) Personally, I have said some unjust things
about Capt. Zap and should apologize but the article does give a certain
impressihacker tracker.
======================================
Capt. Zap "is well-known as one of the first convicted computer-hacker
thieves"-
Capt. Zap wasn't actually one of the first convicted computer-hacker
thieves. His arrest did not involve computers. But he is well-known in the
hacking world and has been around for a long time.
======================================
"On another board, Mr. Murphy finds a primer for rookie 'hacklings,' written by 'The Knights of the Shadow.'"-
This refers to the series put out by the Knights of the Shadow a long time
ago. There are actually 4 files (introduction and 3 instruction files.) The
files mentioned detail hacking into: DEC-20's, VAX/UNIX, and Data General
systems.
======================================
For a moment I'd just like to stray off the subject. Capt. Zap and Tuc
know each other and are both well-known in the hack/phreak world. Not so long
ago, Capt. Zap learned that Tuc was giving seminars on computer security and
was working as a security consultant. Capt. Zap left the following messages
on various bulletin boards concerning Tuc's actions. These posts are taken
from many different bulletin boards:
87Sep19 From CAPT. ZAP
Yes it seems that because of one person, we will all have to pay for his
actions. It is very strange that such things happen just when you thought it
was safe to dial... Well the phone police have struck again! And while I
am thinking about it, there seems to be a small leak possible here and I
would like to bring it to the attention of the systems owners. As I have heard
about this person and his ways to do things, we also have the distinct
knowledge that the person is now going to release certain information to
persons unauthorized. I will relay this information by voice only to those
who identify themselves beyond a shadow of a doubt. And to the person who I
am speaking about, we know who you are and your days of asking questions and
trying to be something that you are not, are coming to a close very soon. And
remember I have your number! For those who wish to find out what and who the
person is and the background information may call 215-634-5749.
\/ Capt. Zap \/
** --------- ** Copyright @ 1987, I.A.M. , IAM /SDS Inc.
87Sep23 From CAPT. ZAP
Well once again it's time for news from real world.... First, we have the
continuing story of the Shadow Hawk incident! He will be going away on a
federal or state sponsored vacation, and then we have the civil damages that
will come from his actions and the major lawsuits to be fielded by his
parents. Now I do not know what sort of amounts will be levied, but you can
bet that they will be heavy. As to the continuing story of federal agents and
the like, we have the TUC story brought to by me. It turns out that our large
friend is helping in a seminar produced by the Maryland chamber of commerce.
His little thing will be called "How to break into your computer system". He
has 45 minutes and his title is President of Telecom Corp. Now I wasession that he was working for his father and collecting Cabbage Patch
dolls while reporting on his fellow phreaks to the like of Mr. Maxfield and
Mr. Bowens from MCI security. Now since he is an informant and will be sharing
his knowledge with others, I see this as an excellent reason to use the
copyright law to stop any use of information that he may collect from being
used by others or read by others without permission. I will say that I will be
sending a letter to him and his sponsor that will inform him and the sponsor
that any and all information that I have posted or provided, is for the use of
AUTHORIZED persons or organizations and that any use without the expressed
written permission will constitute a violation. I THINK THAT IT IS TIME TO PUT
AN END TO TUCS COMPUTER RELATED LIFE! NO ACCESS SO WHAT SO EVER!
\/ Capt. Zap \/ Copyright @ 1987, I.A.M. , IAM/SDS Inc.
Numb: 33
Subj: More Important News!
From: CAPT ZAP
Date: THU SEP 24 7:08:14 PM
Well I have learned that the one person who we all consider a fed will be
speaking in Baltimore and his topic will be....
How to break into your computer system, presented by none other than our
friend TUC. He has gone over to the other side in a big way and is now
considered to be fair game for all of us to stop! He claims to be the
president of TELECOM Corporation! I will be performing a search to see if such
a company does live! But now is the time to spread the word and in a big way to
stop him from gaining access to ANY SYSTEM throughout the nation. Now I am
wondering if there is a way to put a damper on this project and put a stop to
him once and for all! As you know we have a number of informants on here and
that we have to stop any person or group (federal or phone police) from
gaining access
As you might notice from the previous messages posted by Capt. Zap, he
is definitely angry that TUC is doing computer security work, even though he
does almost the exact same thing. His messages tell of TUC giving a lecture
on computer security and not busting people. His messages also suggest that
TUC is working for John Maxfield (as an informer) and also for MCI. Both of the
charges are unsubstantiated but Capt. Zap says that he is doing it anyway.
Now that we've seen how angry Capt. Zap was, let's go back to the article (the
one printed at the beginning of this issue):
"He says companies aren't alarmed enough over the lapses, and he blares the
blunt message on 'Good Morning America,' at industry seminars and in
technical papers"-
You'll notice how Capt. Zap gives even more speaking on hackers than TUC
does. TUC, according to Capt. Zap, did a seminar in Baltimore (and probably
other seminars at other places) but Capt. Zap did the same thing on "Good
Morning, America." Capt. Zap became angry at TUC for working as a security
consultant and claiming to be president of TELECOM Corporation, even though
Capt. Zap is the president of his own corporation (IAM/Secure Data Systems
Inc.) It might even be likely thatfraid that TUC was taking
business away from him. Exactly why Capt. Zap said those things about TUC
when he was doing the same thing is not known. Now we'll continue with a few
more things from the article.
======================================
"On the Stonehenge bulletin board, 'The Marauder' has put up a phone number
for Citibank's checking and credit-card records"-
The Stonehenge bulletin board is most likely one of two boards.
1) The Central Office (also known as Stonehenge)
or
2) Phonehenge (previously Stonehenge)
======================================
"Agents recently busted 'Shadow Hawk,' 17-year-old Herbert Zinn of Chicago."-
For details on Shadow Hawk's bust, see TNS Issues #10 and #11.
======================================
"This summer, hackers in West Germany tapped into the U.S. space agency's
European network"-
For information on the West German hackers, see TNS Issue #9.
======================================
"He claims to employ the nation's top 10 hackers to break into client
computers."-
This is most likely just something that Capt. Zap said to get clients for
his business. It is very unlikely that he employs the nation's top 10 hackers
to break into systems. Very unlikely.
======================================
The events surrounding this article/Capt. Zap/ I.A.M./ and whether or not
he is an informant will be written in TNS as more information is acquired.
As I stated earlier, when I read the article it pissed me off extremely. When
turning the page to continue the article, the top of the page had the
following heading:
"COMPUTER HACKER IAN MURPHY PROWLS A NIGHT BEAT TRACKING DOWN OTHER HACKERS
WHO PIRATE DATA"
The thought of this made me very angry but Capt. Zap has claimed that he is not
a "bounty hunter." The article also has parts that show his loyalty to hackers.
After reading this part (as well as the entire article), I was ready to kill
Zap. Again, any impression that Capt. Zap turns in hackers is the impression
given by the author of the article and doesn't seem to be the truth.
For those who are reading this and are in need of the services of a computer
security consultant, Capt. Zap's telephone number was printed in a post by
him. Remember, don't think that Capt. Zap is an informer.. it appears that
he is just as much of a loyal hacker as the rest of us (well almost).