Tuesday, August 16, 2011

Book Excerpt: Ghost in the Wires



In his newly published autobiography, America’s most famous ex-hacker, Kevin Mitnick, tells his own story for the first time. In this excerpt, Mitnick describes his 1992 investigation into the mystery hacker “Eric,” who’d begun pumping him for information. Mitnick’s spy-versus-spy duel with the hacker would launch a chain of events destined to turn Mitnick into the most-wanted computer criminal in the country.

Revelations

We’re told that our medical records are confidential, shared only when we give specific permission. But the truth is that any federal agent, cop, or prosecutor who can convince a judge he has legitimate reason can walk into your pharmacy and have them print out all of your prescriptions and the date of every refill. Scary.

We’re also told that the records kept on us by government agencies — Internal Revenue Service, Social Security Administration, the DMV of any particular state, and so on — are safe from prying eyes. Maybe they’re a little safer now than they used to be — though I doubt it — but in my day, getting any information I wanted was a pushover.

I compromised the Social Security Administration, for example, through an elaborate social engineering attack. It began with my usual research—the various departments of the agency, where they were located, who the supervisors and managers were for each, standard internal lingo, and so on. Claims were processed by special groups called “Mods,” which I think stood for “modules,” each one perhaps covering a series of Social Security numbers. I social engineered the phone number for a Mod and eventually reached a staff member who told me her name was Ann. I told her I was Tom Harmon, in the agency’s Office of the Inspector General.

I said, “We’re going to be needing assistance on a continuing basis,” explaining that while our office was working on a number of fraud investigations, we didn’t have access to MCS — short for “Modernized Claims System,” the amusingly clumsy name for their centralized computer system.

From the time of that initial conversation, we became telephone buddies. I was able to call Ann and have her look up whatever I wanted — Social Security numbers, dates and places of birth, mother’s maiden names, disability benefits, wages, and so on. Whenever I phoned, she would drop whatever she was doing to look up anything I asked for.

Ann seemed to love my calls. She clearly enjoyed playing deputy to a man from the Inspector General’s Office who was doing these important investigations of people committing fraud. I suppose it broke the routine of a mundane, plodding workday. She would even suggest things to search: “Would knowing the parents’ names help?” And then she’d go through a series of steps to dig up the information.

On one occasion, I slipped, asking, “What’s the weather like there today?”

But I supposedly worked in the same city she did. She said, “You don’t know what the weather is!?”

I covered quickly. “I’m in LA today on a case.” She must have figured, Oh, of course — he has to travel for his work.

We were phone buddies for about three years, both enjoying the banter and the sense of accomplishment.

If we had ever met in person, I would have given her a kiss to thank her for all the wonderful help she gave me. Ann, if you read this, your kiss is waiting.

I guess real detectives must have a lot of different leads to follow up when they’re working a case, and some of the leads it just takes time to get to. I hadn’t forgotten that Eric’s apartment rental contract was in the name of a Joseph Wernle; I just hadn’t pursued that lead yet. This was one of the several times while playing detective that I would turn to my Social Security chum, Ann.

She went on the MCS and pulled up an “Alphadent” file, used to find a person’s Social Security number from his or her name and date of birth.

I then asked for a “Numident,” to get my subject’s place and date of birth, father’s name, and mother’s maiden name.

Joseph Wernle had been born in Philadelphia, to Joseph Wernle Sr. and his wife, Mary Eberle.

Ann then ran a DEQY (pronounced “DECK wee”) for me—a “detailed earnings query,” giving a person’s work history and earnings record.

Huh? . . . What the hell!?

Joseph Wernle Jr. was forty years old. According to his Social Security records, he had never earned a penny.

He had never even held a job.

What would you have thought at this point?

The man existed, because Social Security had a file on him. But he had never had a job and never earned an income.


The more I dug into his background, the more intriguing the whole thing seemed to get. It didn’t make sense, which just made me all the more determined to find out what the explanation could be.

More @ bit.ly/o2JD6Z
