Off Topic
By the way, something to read through which touches on our privacy discussions:[sorry for the length]
How a cyber sleuth busted a hacker ring
DALLAS, Oct. 1 ? In a federal courtroom here, Calvin Cantrell stands silently, broad shoulders slouched. His
lawyer reads from a short letter he has written: ?My parents taught me good ethics, but I have departed from some
of these, lost my way sometimes,? the letter states. ?I was 25 and living at home. No job, and no future... . All I
ever really wanted was to work with computers.?
MR. CANTRELL CERTAINLY DID WORK with computers ? both his own, and, surreptitiously, those of
some of the largest companies in the world. He was part of a ring of hackers that pleaded guilty here to the most
extensive illegal breach of the nation?s telecommunications infrastructure in high-tech history.
And sitting behind him in court as he was sentenced two weeks ago was the accountant-turned-detective who
caught him: Michael Morris. A decade earlier, Mr. Morris, bored with accounting work, left a $96,000 job at Price
Waterhouse and enrolled in the FBI academy, at $24,500 a year. Mr. Cantrell?s sentencing was the final act in a
five-year drama for Mr. Morris, and secured his reputation as the FBI?s leading computer gumshoe.
The tale of Mr. Morris and Mr. Cantrell is among the first cops-and-robber stories of the New Economy,
involving, among other things, the first-ever use of an FBI ?data tap.? It illustrates how the nation?s
law-enforcement agencies are scrambling to reinvent their profession in a frantic effort to keep pace with brilliant
and restless young hackers.
The story also shows that hacking?s potential harm is far more ominous than theft of telephone credit-card
numbers. Mr. Cantrell was part of an eleven-member group dubbed ?The Phonemasters? by the FBI. They were
all technically adept twenty-somethings expert at manipulating computers that route telephone calls.
The hackers had gained access to telephone networks of companies including AT&T Corp., British
Telecommunications Inc., GTE Corp., MCI WorldCom (then MCI Communications Corp.), Southwestern Bell,
and Sprint Corp. They broke into credit-reporting databases belonging to Equifax Inc. and TRW Inc. They
entered Nexis/Lexis databases and systems of Dun & Bradstreet, court records show.
The breadth of their monkey-wrenching was staggering; at various times, they could eavesdrop on phone calls,
compromise secure databases, and redirect communications at will. They had access to portions of the national
power grid, air-traffic-control systems and had hacked their way into a digital cache of unpublished telephone
numbers at the White House. The FBI alleges, in evidence filed in U.S. District Court for the Northern District of
Texas, that the Phonemasters had even conspired to break into the FBI?s own National Crime Information Center.
Unlike less-polished hackers, they often worked in stealth, and avoided bragging about their exploits. Their
ultimate goal was not just fun, but profit. Some of the young men, says the FBI, were in the business of selling the
credit reports, criminal records, and other data they pilfered from databases. Their customers included private
investigators, so-called information brokers and ? by way of middlemen ? the Sicilian Mafia. According to FBI
estimates, the gang accounted for about $1.85 million in business losses.
?They could have ? temporarily at least ? crippled the national phone network. What scares me the most is that
these guys, if they had had a handler, whether criminal or state-sponsored, could have done a lot of damage,?
says Mr. Morris. ?They must have felt like cyber-gods.?
With the exception of Mr. Cantrell, none of the defendants in the Phonemasters case would comment on the
matter. Others are thought to remain at large. This is the story of Mr. Cantrell and two accomplices, largely put
together from federal district court records and FBI interviews.
Mr. Morris first learned of the group in August 1994, when he got a phone call from a Dallas private investigator,
saying Mr. Cantrell had offered to sell him personal data on anyone he wished. He even offered a price list:
personal credit reports were $75; state motor-vehicle records, $25; records from the FBI?s Crime Information
Center, $100. On the menu for $500: the address or phone number of any ?celebrity/important person.?
Mr. Morris immediately opened an investigation. Only 33 years old at the time, he had taken an annual pay cut to
join the FBI just five years earlier. He had been a tax consultant at Price Waterhouse, and despised the work. ?I
was young and making the big bucks, but every morning I would think ?God, I don?t want to go to work.? ?
Tall, square-jawed and mustachioed, Mr. Morris began working white-collar crimes when he arrived at the Dallas
FBI field office. He took on a few hacker cases and realized he liked the challenge. ?These guys are not the kind
who?ll rob the convenience store then stare right into the security camera,? he says. ?Trying to be the Sherlock
Holmes of the Internet is hard when the fingerprints on the window can be so easily erased.?
Mr. Morris convinced the private investigator to meet with Mr. Cantrell while wearing an audio taping device.
After reviewing the tapes, he was certain that he was onto something big. He applied for and received court
authority to place a digital number recorder on Mr. Cantrell?s phone lines, which would log numbers of all
outgoing calls. It showed that Mr. Cantrell frequently dialed corporate telephone numbers for AT&T, GTE, MCI,
Southwestern Bell and Sprint. Mr. Cantrell had also placed calls to two unlisted numbers at the White House,
which further piqued Mr. Morris?s interest.
So, late that summer, Mr. Morris took an unprecedented step. He began writing a 40-page letter to the FBI?s
Washington headquarters, the Department of Justice and the federal district court in Dallas. Recording Mr.
Cantrell ? now his central suspect ? while on the phone wasn?t sufficient for the job that faced him, he believed.
Instead, he needed new federal powers. He asked for Washington?s permission to intercept the impulses that
traveled along Mr. Cantrell?s phone line as he was using his computer and modem.
?It?s one of the hardest techniques to get approved, partly because it?s so intrusive,? says Mr. Morris, who spent
the next month or so consulting with federal authorities. ?The public citizen in me appreciates that,? he says. Still,
the long wait was frustrating. ?It took a lot of educating federal attorneys,? he says.
Once authorities said yes, Mr. Morris faced another obstacle: The equipment he needed didn?t exist within the
FBI. Federal investigators had experimented with a so-called data-intercept device only once before in a New
York hacker case a year earlier. It had failed miserably.
Mr. Morris and technicians at the FBI?s engineering lab in Quantico, Va., worked together to draft the
specifications for the device Mr. Morris wanted. It would need to do the reverse of what a computer?s modem
does. A modem takes digital data from a computer and translates it to analog signals that can be sent via phone
lines. Mr. Morris?s device would intercept the analog signals on Mr. Cantrell?s phone line and convert those
impulses back to digital signals so the FBI?s computers could capture and record each of a suspect?s keystrokes.
While waiting for the FBI to fit him with the proper gear, Mr. Morris contacted several of the telephone companies
to alert them that they had been victimized. The reception he got wasn?t always warm. ?It?s kind of sad. Some of
the companies, when you told them they?d had an intrusion, would actually argue with you,? he said.
GTE was an exception. Mr. Morris discovered that Bill Oswald, a GTE corporate investigator, had opened his
own Phonemasters probe. Mr. Oswald and Mr. Morris began working together and uncovered another of Mr.
Cantrell?s schemes: He and some friends had managed to get their hands on some telephone numbers for FBI
field offices. They entered the telephone system and forwarded some of those FBI telephones to phone-sex chat
lines in Germany, Moldavia and Hong Kong. As a result of the prank, the FBI was billed for about $200,000 in
illegal calls.
Mr. Morris also learned that on Oct. 11, 1994, Mr. Cantrell hacked GTE?s computer telephone ?switch? in
Monticeto, Calif., created a fake telephone number and forwarded calls for that number to a sex-chat line in
Germany. The FBI isn?t sure how Mr. Cantrell convinced people to call the number, but court records show that
Mr. Cantrell received a payment of $2,200 from someone in Germany in exchange for generating call traffic to the
phone-sex service.
In early December 1994, Mr. Morris?s ?analog data intercept device? finally arrived from the FBI?s engineering
department. It was a $70,000 prototype which Mr. Morris calls ?the magic box.?
On Dec. 20, Mr. Morris and other agents opened up their surveillance in an unheated warehouse with a leaky roof.
The location was ideal because it sat between Mr. Cantrell?s home and the nearest telephone central office. Mr.
Morris and nine other agents took turns overseeing the wiretap and data intercepts. The agents often had to pull a
tarp over their workspace to keep rain from damaging the costly equipment.
As middle-class families go, the Cantrells seem exemplary. Calvin?s father, Roy, was a retired detective who had
once been voted ?Policeman of the Year? in Grand Prairie, the suburb west of Dallas where they live. His mother,
Carol, taught Latin and English at Grand Prairie High School, where Calvin graduated in 1987 with above-average
grades. As a student, he was no recluse. He had a small circle of friends who shared his love of martial arts, video
games, and spy movies. Mr. Cantrell?s longtime friend, Brandon McWhorter, says Calvin was always a fun-loving
guy, but there was one thing about which he was very serious.
?He would always talk to me about religion,? says Mr. McWhorter. ?He held very strong religious beliefs.?
After high school, Mr. Cantrell continued to live at home while taking classes at the University of Texas at
Arlington and a local community college.
He held a series of odd jobs and hired himself out as a deejay for weddings and corporate parties. Mr. Cantrell
balanced, school, work, family and friends even as he began hacking more often. His parents became suspicious,
but said nothing. The family had three phones; Calvin stayed on his 15 hours a day.
?They?d go in my room and see all the notes and the phone numbers. Even though they couldn?t put it together
technically, they knew something was up,? says Mr. Cantrell. ?They were kind of in denial... . My parents were
pretty soft.?
Mrs. Cantrell says Calvin had been so well behaved that she never suspected his computer activities were more
than fun and games. ?I wish I had known what was going on. Unfortunately, my son was smarter than I was.?
(Calvin?s father passed away last year.)
At 8:45 on the night of Dec. 21, just four days before Christmas, Mr. Cantrell went online. Using an ill-gotten
password, he entered a Sprint Corp. computer, where he raided a database, copying more than 850 calling-card
access codes and other files, court records in the case show. The Phonemasters often got passwords and other
key information on companies in a low-tech approach called ?Dumpster diving,? raiding the trash bins of area
phone firms for old technical manuals, phone directories and other company papers. This often allowed Mr.
Cantrell to run one of his favorite ruses ? passing himself off as a company insider.
?I?d call up and say, ?Hi, I?m Bill Edwards with systems administration.? ... I?d chat with them for a while, then
I?d say ?We?re doing some network checkups today. Can you log off of your computer, then tell me every
character you?re typing as you log back on?? A lot of people fell for that,? Mr. Cantrell says.
After hacking into the Sprint database that evening, Mr. Cantrell talked to another hacker, Corey Lindsley, over the
phone. He?d ?met? Mr. Lindsley, and another hacker, John Bosanac, in 1993 while surfing the murky world of
hacker bulletin boards. Mr. Cantrell then sent the copied files to Mr. Lindsley, who was a student at the University
of Pennsylvania in Philadelphia.
Mr. Morris?s equipment captured everything ? voice and data. It was an FBI first. ?We?re sitting in this place
that looked liked a bomb pit, but the atmosphere was really exciting,? says Mr. Morris. ?We were ecstatic.?
As the days passed, the FBI wiretap generated stacks upon stacks of audiotapes and data transcripts. Some was
just idle talk among friends, the occasional call to finalize dinner plans, lots of workaday chatter. But the
incriminating evidence mounted. ?It?s great, you know. I really love fraud,? joked Mr. Bosanac, a Californian who
was musing with Mr. Cantrell about the various technical methods of using other people?s cellular telephone
accounts to place free calls. ?Fraud is a beautiful thing.?
Family conversations even entered the investigation. On Jan. 7, for instance, Mr. Cantrell called his mother from a
friend?s house and asked her find an MCI Corp. manual on his shelf. He then asked her to read him a set of
directions for accessing MCI?s V-NET computer system. Mrs. Cantrell read the material but asked her son
whether he was supposed to have the book, citing warnings that stated its contents were restricted to MCI
employees. Mr. Cantrell just avoided his mother?s question. The FBI data-tap captured every word.
Still, the process took its toll on the FBI team, especially coming during the holidays. ?It was stressful that the
wiretap was going 24 hours a day, seven days a week. I had to write up the legal documents and it?s tough making
people work through Christmas,? Mr. Morris said. On top of that, he had to keep records of his findings, and
every ten days he had to reapply to the court to prove that his wiretap was yielding evidence.
By late January, the FBI had begun to get a clear profile of Mr. Cantrell and his hacker friends. Mr. Lindsley, it
appeared, was the group?s acerbic leader, directing much of the hacking activity. Over phone lines, the FBI heard
him bragging about how he had given a Pennsylvania police department ?the pager treatment? in retaliation for a
speeding ticket he received. Mr. Lindsley had caused the police department?s telephone number to appear on
thousands of pagers across the country. The resulting flood of incoming calls, Mr. Lindsley bragged, would
surely crash the department?s phone system.
They also enjoyed collecting information about film stars, musicians and other famous people. Mr. Cantrell has
admitted that he broke into President Clinton?s mother?s telephone billing records in Arkansas to obtain a list of
unpublished White House numbers. The men, says the FBI, even made harassing phone calls to rock star
Courtney Love and former child actor Danny Bonaduce using pilfered numbers.
They weren?t without fear of getting caught. On the evening of Jan. 17, for instance, there was a clicking on the
phone line as Messrs. Bosanac, Cantrell, and Lindsley shared a three-way conference call. ?What the hell
happened?? asked Mr. Bosanac, according to an FBI transcript of the conversation.
?That was the FBI tapping in,? laughed Mr. Cantrell.
?Do you know how ironic that?s gonna be when they play those tapes in court?? Mr. Lindsley said. ?When they
play that tape in court and they got you saying it was the FBI tapping in??
On Jan. 18, the FBI overheard Messrs. Cantrell, Bosanac and Lindsley on another conference call. With the other
two men giving directions, Mr. Cantrell dialed his computer into Southwestern Bell?s network and copied a
database of unlisted phone numbers. The three men then discussed plans to write a computer program that could
automatically download access codes and calling-card numbers from various telephone systems. They also talked
about the chance that the FBI would one day track them down.
?Just remember, nobody f? rats anybody out,? said Mr. Lindsley to the others. ?No deals.?
?Yeah, no deals is right,? replied Mr. Bosanac.
?No deals. I?m serious. I don?t care what your f? lawyers tell you,? said Mr. Lindsley.
Mr. Cantrell said nothing.
Later that morning, between 5:09 a.m. and 7:36 a.m., Mr. Cantrell entered Sprint?s computer system and
downloaded about 850 Sprint calling-card codes. He then transferred those codes to a man in Canada. The codes
would allow anyone who purchased them to place free international phone calls. Mr. Morris would later learn that
a contact in Canada paid Mr. Cantrell $2 apiece for each code, court records show. The Phonemasters most
likely did not know ? or care ? where the codes ended up, but the FBI traced them and found some ended up
in the hands of a Sicilian Mafia operative in Switzerland.
On Jan. 23, while probing a U S West telephone database, Mr. Cantrell, Mr. Bosanac, Mr. Lindsley and others
stumbled over a list of telephone lines that were being monitored by law enforcement. On a lark, they decided to
call one of the people ? a suspected drug dealer, says Mr. Morris ? and let him know his pager was being
traced by the police.
On Jan. 27, the group was clearly feeling paranoia about being caught, prompting Mr. Lindsley to tell his
accomplices to pull as many Sprint codes as quickly as they could. Mr. Cantrell began to have reservations.
?What if I stopped before all of y?all?? Mr. Cantrell asked Mr. Lindsley. ?Would you applaud my efforts??
?No,? said Mr. Lindsley. ?I don?t think there?s any reason to stop. What are you worried about??
?Uh, I?m not worried about anything. I?m just saying, uhm. There might ... There might come a time here where I
don?t have time for this.?
He added a little later: ?I, you know, really like it. But, I don?t know, I just ... Eventually, I don?t see myself doing
a lot of illegal things.?
Mr. Lindsley continued to prod Mr. Cantrell to speed up the download of stolen codes by spending more time
online and using two phones.
?I?m telling you, you run two lines around the clock,? Mr. Lindsley said.
?You can?t run them around the clock,? said Mr. Cantrell.
?Why not??
?Oh, come on. I think that?s pushing it too hard.?
?I think you just got a weak stomach there, boy.?
By late February, things began to get tense. One of Mr. Cantrell?s hacker friends informed him that his number
had shown up in a database of phone numbers being monitored by the FBI. In all the excitement of burglarizing
databases and rerouting phone calls, the Phonemasters had neglected to check their own phone lines for any signs
that law enforcement might be listening in.
Mr. Morris hastily arranged for an FBI raid. On Feb. 22, 1995, agents raided Mr. Cantrell?s home, Mr. Lindsley?s
college dorm room, and burst into Mr. Bosanac?s bedroom in San Diego.
For Mr. Morris, the climactic raid was only the start of a long battle to bring the hackers to justice. Because of the
complicated nature of his evidence gathering, it took him more than two years to compile the most salient portions
of the wiretap transcripts and data-tap evidence. ?All the documents and tapes from this case could fill a 20-by-20
room,? Mr. Morris explains. ?And at the time, I was the only computer investigator for all of Texas.?
In the meantime, as federal prosecutors slowly geared up for a trial, Mr. Cantrell tried to get on with his life. ?I
spent the first few weeks after the raid being paranoid and wondering what would happen,? he says. Occasionally,
Mr. Morris and other agents would call him, asking questions about some of the systems he had hacked. By the
summer of 1995, at the urging of his mother, Mr. Cantrell started attending church again. He scored the first in a
string of professional computing jobs, doing systems-administration work for a company called Lee Datamail in
Dallas. He neglected to tell his employers about the FBI case. ?It?s been mental torture for the last four years, not
knowing,? says Mr. Cantrell. ?Can I go to school, move to another state? That kind of thing messes with your
head.?
Over time, Mr. Cantrell says he had come to seriously regret what he had done and the $9,000 he says he made
from selling codes wasn?t worth the trouble. ?Looking back, it was all crazy. It was an obsession. I wanted to see
how much I could conquer and a little power went to my head.? Mr. Cantrell notes that he has since tried to make
amends, even helping the phone companies plug their security holes and helping the FBI gather more information
on some of the group?s members who haven?t yet been apprehended.
The matter finally seemed near conclusion this March when Mr. Morris was able to play ?a couple of choice
tapes? in separate meetings with Messrs. Cantrell, Bosanac and Lindsley. Afterward, all three agreed to plead
guilty to federal charges of one count of theft and possession of unauthorized calling-card numbers and one count
of unauthorized access to computer systems. Chief Judge Jerry Buchmeyer ordered a presentencing investigation.
During a hearing on the matter, Mr. Lindsley?s attorney tried to argue that the FBI had wildly overstated the $1.85
million in losses that her client?s hacking had allegedly caused. But in the end, Judge Buchmeyer rejected the
argument and sentenced him to 41 months in prison. Mr. Bosanac, in the meantime, has asked that his sentencing
hearing be moved to San Diego, where he lives.
As for Mr. Cantrell, Judge Buchmeyer lauded his ?acceptance of guilt.? He could have been sentenced to three
years in federal prison; instead he was given two. He reports to federal prison in January of next year.
Mr. Morris, meanwhile, has used his data-tap method in several other cases; he also travels around the country
and the world advising law-enforcement agencies on how to conduct state-of-the-art investigations of hacker
crimes.
Copyright ¸ 1999 Dow Jones & Company, Inc.All Rights Reserved. |
