Given all the effort, this was a modest payoff--hardly justification for a massive crackdown. Even the Operation Sundevil busts of May 8th, which the foundation called a use of "force and terror which would have been more appropriate to the apprehension of urban guerrillas than barely postpubescent computer nerds," have yielded remarkably few indictments. Gail Thackeray, an attorney in Phoenix dealing with the aftermath of the Sundevil busts, notes that "80 percent of those arrested were adults [over eighteen years old]"-- hardly postpubescents. She says that more indictments are still being prepared, and that the delay was caused by the sheer weight of evidence: more than twenty thousand diskettes have been examined, which has taken the authorities over twelve months.
But perhaps indictments were never the point. Sundevil was a search-and-seizure operation; the quarantined computers and diskettes will be held until the material can be analyzed. Only at that point will the indictments, if any, be handed down, and the authorities are in no rush. While the computers are in their possession, the Cyberpunks are out of action.
As for the Phoenix Project, it, too, was probably a false alarm. The vaunted rebirth of hacking, which convinced the Secret Service that there was a nationwide conspiracy, may not have been what it seemed. After all, the Project's organizers had only exhorted hackers to welcome the new age "with the use of every legal means available." A sympathetic interpretation of the Phoe- nix Project would suggest that older hackers were simply counseling others not to break the law. It was a timely warning: the Computer Fraud and Misuse Act had entered the statute books two years previously, and some jail sentences had already been handed out. Hacking was no longer being viewed tolerantly, and the Phoenix Project's organizers expected a crackdown by the authorities. They got that right at least.
However, there was yet another hacker swept up in the Secret Service busts, who, unlike the others, was unquestionably hacking for profit. In mid-June 1989 BellSouth had begun investigating two relatively minor incidents on one of its switches in Florida. In the first incident, on June 16th, an intruder had hacked into the switch and rerouted calls for the city offices of Miramar, Florida, to a long-distance information number. On the next day the same hacker (or so it was assumed) had also rerouted calls intended for the Delray Beach probation office. This time the hacker demonstrated an impish sense of humor: callers to the probation office instead found themselves connected to a Dial-a-Porn service in New York State.
As a result of the two incidents, BellSouth had stepped up the monitoring of its switches. On June 21st, security agents were told that the monitors had detected a hacker loose in one of its computers.
The carrier put a trace on the call, following it back through a series of loops around the country. The hacker had tried to disguise his entry point into the system by first dialing into his local exchange, jumping to a connected switch on another network, then skipping from there to yet another network, and so on. Each time a loop was made through a network, it had to be traced to the entry switch. But the precautions must have given the hacker a false sense of security, because he stayed in the system too long, allowing the trace to be followed all the way through, from network to network, right back to a phone number in Indiana.
BellSouth passed the number they had traced on to Bellcore, which began monitoring all outgoing and incoming calls. The telephone company agents had discovered a hard-core hacker: they watched as their target looped calls around the country, from system to system; they recorded him breaking into a credit agency computer in Delaware belonging to CSA; and they listened as he had money wired to Paducah, Kentucky, on a credit card number.
Their target, of course, was Fry Guy, the fifteen-year-old Indiana hacker who had spent months perfecting his credit card scam.
With evidence that the young hacker was committing fraud, the telco agents turned the details over to the Secret Service, which included him on the Atlanta Three's DNR request. The inclusion was mostly a matter of convenience, but the agents had noted a geographic coincidence that intrigued them: Fry Guy lived in Indiana, as did the recipient of the anonymous telephone call warning of the computer bombs in the switches; Fry Guy also knew his way around BellSouth, where one of the bombs had been planted--indeed, other hackers regarded it as his "sphere of influence."
