Once upon a time at Atari, I helped the Secret Service bust some bad guys. Let me be up front about this: It was related to my work, it was kind of fun at first, and if offered the chance to do it again, I’d refuse for reasons that I’ll try to make clear.
Mid 80s. I was working for Atari, the Atari that Jack Tramiel had purchased, and we’d shipped the ST about a year earlier (this would have been 1986 or so). One fine day Jack got a call from an old buddy, along the lines of: Can you help us out, we’re up against some computer stuff that we have no idea how to handle.
Years earlier, Jack had been the subject of some kind of stalker / kook threat, and some of his corporate security (which was Commodore at the time) had some buddies in the Secret Service. Phone calls were made and the stalker / kook was dealt with — I don’t know details. Now the Secret Service guys were calling in the favor.
There were some people in North Carolina who were using computerized bulletin board systems to trade Sprint access codes and stolen credit card numbers. The systems were running on Atari hardware, which is why they had called Jack.
The Secret Service is often called in on fraud situations (it’s one of their charters). But they were clueless about personal computers, especially Atari computers. So they asked for expert help. Back at Atari, after a bunch of discussion, I was identified as the person best able to help out the Secret Service with technical matters in the field. I got some computer gear together, packed my bags and took a plane to Raleigh-Durham airport in North Carolina.
A couple of agents picked me up at the airport. On the way to the hotel they explained what was going on: There were five or six “operations” scheduled for the next week, and the goal of each was to gather better evidence of credit card and phone code fraud, and also the involvement of computers. They already had enough independent evidence of the fraud (which had been necessary to obtain the search warrants), so most of the week’s operations were icing on the cake of the investigation. Any “situation” I was involved with would be “sanitized” before I went in and helped the agents identify what to take.
A perk of being an independent consultant: I got my own hotel room.
The next morning started pretty early. At 5 AM a small convoy of black cars and vans left Raleigh and headed out into the North Carolina countryside. After stopping at an IHOP for breakfast we got on the road again and started going through smaller and smaller towns. They had all seen better days. There were signs of old tobacco production everywhere, from factories to the names of streets. Most of the factories looked used-up and closed, the streets were ill-kept, and the houses needed work.
After a few hours of driving, the cars and vans pulled up in front of a small house in a town whose name I cannot remember. We milled around a while. This was a Monday morning, and the owner of the house that was about to be raided was at work. A couple of agents had been sent to fetch the guy.
Neighbors started to gather around, quite curious. A couple of local cops kept them away. It was all pretty quiet.
While we were waiting an agent spoke to me about the procedure. “We serve the warrant, then we video tape and photograph everything. Then the idea is that we go in and bag everything computer-related. If it has anything to do with a computer, even if it’s just a book or a magazine, tell us and we’ll label and bag it. We also need the computers taken apart so we can put them back together at the field office.”
After maybe an hour the car with the ‘guy’ pulled up — I was told that it was not necessary that he be there, but they really wanted him to be — they served the warrant, and a few agents went into the house. A bit later a camera crew went in. About an hour after that I was told to go in and help.
The house was a mess, but it didn’t have anything to do with the search itself; the guy was just untidy. For instance, there was a closet with the kind of doors that slide on tracks; the closet was half full of stuff and the doors were bulging from the pressure of a couple cubic yards of unwashed clothes. He was a smoker, and the place smelled terrible. Dishes and bric-a-brac were everywhere. But the Atari 800 computer was on a desk by itself, in a Zone of Clean that had been established and somehow kept inviolate. The equipment and the wiring were well organized, disks were clearly labeled, and books and manuals were neatly shelved. The Atari 800 itself was clean, and next to it hummed a TEN MEGABYTE HARD DISK, clearly the pride and joy of its owner.
I drew a diagram and took some notes. I started taking things apart and described what I was doing as an agent snapped photos. I told a couple of agents what to bag.
“That’s a modem cable. That’s a modem. Wait, I need to shut the computer down.” I think someone dialed in as I was talking. By modern standards my forensics were laughable, but this was before the day of encrypted file systems and logic bombs, and I knew the hardware and software pretty well. “Okay, be really careful with this hard disk. No, we don’t need those power cables.” They insisted on taking stuff all the way down the power strips; I think one of them might have been for the stereo.
It took a few hours to disassemble things in such a way that I was confident the system could be put back together. Then we took off to the field office, dropped the evidence boxes off, and went to a local hotel.
At 5 o’clock, work stopped. The Secret Service is, after all, made up of government employees. Everyone went for a beer.
Over one of the rounds, an agent told me this:
“Okay, you were off in the living room taking apart his computer, right?”
I remembered seeing the guy at his kitchen table, kind of hunched over and looking really depressed as he watched us. A couple of agents were sitting with him and talking with him, taking notes. I couldn’t hear what they were saying, since I was busy going through his stuff.
“He was pretty blue. We told him he was going to go to jail. So I mentioned that you were from Atari. And he brightened up and said, ‘Gosh, really?!’”
The next day didn’t start out as early. This time the raid was at an apartment in a town in the southern part of the state. By the time we got there the warrant had already been served by another team, and they were already going through the apartment looking for evidence. I think the suspect in this case had been taken away or had simply left; in any event, he wasn’t around.
The computer setup was pretty basic, and the guy just had a small number of floppy disks. But I found some stuff that the agents had missed: A printout with some Sprint codes and a list of phone numbers and names of people who I recognized from the prior bulletin board, and a package of some kind from the first guy we’d raided.
Then the search got a bit personal; one agent found some (shall we say) disturbing photos in a drawer and passed them around. There was some rough laughter. More embarrassing things were found. I found myself going through stuff, doing an actual search for things that were computer-related, and this made me feel out of control and filthy; I got out of the apartment soon after that. Some more agents came by; apparently another team had done two other busts in the state that day, leaving one for the next day.
The final day was the worst. This was at a nice house in a well-kept neighborhood just outside of Raleigh. When the warrant was served, it was on the suspect’s wife — the suspect himself was on a business trip. There were two or three children in the house. The woman was soon in hysterics, the children were crying, and the agents’ attempts to calm them down weren’t really succeeding.
“Man, that’s upsetting,” I said, over the crying.
One of the agents agreed. The computer setup in this house was again simple and neat, and I was able to box it up pretty quickly. We had the procedure down now.
“Why don’t you go with Wilkie [a made-up name; he was one of the “techie” support guys who worked in a basement in DC] to see him take out the pen register?” said the agent in charge. So I took a quick ride with ‘Wilkie’ to a phone box by the side of the road, about a mile away from the house.
He unlocked the box and showed me the pen register and a bit of the printout. Every number that had been dialed from the residence was on the tape, and I could see some of the Sprint codes that had been used. He disconnected the register and stowed it.
At the field office there were dozens of boxes of evidence, including the first computer that I’d taken apart. The question in the air was an unsaid “Well, now what do we do with all this stuff?” Some bosses had arrived and were pushing to get something concrete out of all the stuff that had been seized.
I unboxed the BBS system, hooked it all together (they recorded a video presentation of me doing this, in which I gave achingly detailed and nerdy and condescending instructions on how to hook up an Atari computer). Then I wrote a simple program in BASIC to search the hard disk for patterns of credit card numbers and Sprint codes. My program found a lot of them, in bulletin board messages tagged with the names of the suspects.
That was it, pretty much. I had a few pages of paper with numbers.
Before I left (to hook up with my dad, who happened to be working at Duke University that week) they handed me $200 in cash.
“That’s your $50 a day.”
“But I didn’t spend any money!” Indeed, I’d not had to spend anything on meals (and though I don’t recall, I hope I’d had the sense to buy a round or two of beer).
“It’s your money. If you don’t take it, it gets accounting all upset.”
I didn’t argue.
A year later, one of the agents visited Atari in Sunnyvale. He and Jack Tramiel stopped by my office and handed me a certificate thanking Atari for its cooperation in sending me out to help. I have it somewhere in my files.
“All of the folks we raided went to jail for a year and a day,” the agent said.
“A year and a day?”
“Over a year makes it a felony.”
I went back to typing.
This was one of those experiences that quite honestly was a lot of fun at the start, but that got nasty and brutal and a lot less cool as the reality of what was going on sunk in. After the third bust I was really glad there wouldn’t be any more.
In retrospect the operation was pretty ham-handed. I didn’t have any experience with computer forensics, and a simple logic bomb could have destroyed evidence past the point of retrieval by my skills. Even a light dusting of crypto would have held me up for days. I wasn’t given any legal advice at all, just “Tell us what to box up, and make sure the computers will still work.” I wasn’t involved in the trial at all; for all I know they didn’t use any of the stuff that was seized.
So, after the nastiness of the process became clear, why did I go back to the field office and write code to extract the damning numbers? I suspect it’s because it was a solvable problem, a quick hack, and it got me back to the comfortable world of slamming out code: Here is your hard evidence, your efforts have not been wasted. At that point I had the proof in front of me; they’d been stealing credit card numbers (and though I did not see any proof that they’d used them, well, c’mon) and making thousands of dollars of phone calls on other people’s accounts. In this case there had been independent corroboration of this (via the pen register tapes); even without my help these folks would have gone to jail. But this made it very real to me.
I have since worked next to people who may have made better moral choices than I did. At Apple, we had requests of police departments to retrieve data from locked Newton PDAs; I believe that Apple’s policy was to release the tools for this, but not to do any actual forensics. I had a long discussion with one of the dev managers in Newton about the first request we had — we were initially going to refuse to cooperate, but ultimately realized that the company would just be forced to cough up something, and that it was better on our terms than theirs. I have had cow-orkers who claimed they stood up to pressure from the NSA on putting back doors in cryptographic functions. Other instances, which I will not mention.
While I am a firm believer that crypto is the second best way to go if you want to keep a secret [the best way? don’t put it in a computer to begin with], I also know that the physical world is a lot more cruel and far-reaching than the safety of numbers can encompass, and saying “Ha ha ha, I have 4096 bit crypto, you can’t touch me” is merely a form of denial.
Bruce Sterling’s _The Hacker Crackdown_. (One or two of the people I met on my little adventure also appear in his book).
Cory Doctorow’s _Little Brother_. The tech is pollyanna, but it’s a good, fun, angry book.
Steven Levy’s _Crypto_.
John Ross’ novel _Unintended Consequences_. (Nothing to do with computers, everything to do with abuse of authority. Yes, you may find the book’s cover offensive, and if you don’t like guns, you won’t like this book).