>>> Continued from previous message
Bevan, the son of a police officer, said he had not even been alarmed
when Datastream Cowboy disappeared from the Internet. "Everyone was
joking with me on the e-mail that he must have been arrested, but I
didn't believe it. It wasn't until a year later that a friend phoned me
and said: 'Have you seen the papers? They think you're a spy'."
However, Bevan became confident that he had escaped detection and was
stunned when he was arrested. "I was told to go and check the managing
director's computer. I went in and there were seven or eight of them in
suits and I was arrested." He was charged the next day with two counts
of conspiracy under the Criminal Law Act 1997. He was later charged
with three offences under the Computer Misuse Act 1990.
Pryce had been charged in June 1995, about 13 months after his arrest,
with 12 offences under Section 1 of the Computer Misuse Act 1990. He
was also charged with conspiracy three days before Bevan's arrest.
At the culmination of one of the biggest ever international computer
crime investigations and after a massive security scare in the United
States, law enforcers were left with a meagre and faintly embarrassing
prize: two young hackers who in their spare time, from the comfort of
their bedrooms, had penetrated what should have been the most secure
defence network in the world. To rub salt into the wounds, their
credentials were hardly impressive. Pryce had scraped a D grade in
computer studies at A-level and Bevan had dropped out of an HND course
in computer science.
Pryce's father, Nick, who restores musical instruments, said: "They
said Richard was a No 1 security threat and I think that was just
rubbish. They had overreacted and when they found out it was just a
teenager, they still wanted to try to make an example of him. I never
knew what he was doing at the time; I just thought he was in his
bedroom playing on his computer. When I found out, I never thought he
had done anything particularly wrong and neither did our friends. He
just showed how bad security was on those computers."
But how did two rather ordinary young men manage to penetrate the
Pentagon computer system and spark such a massive security alert? Both
were bright and articulate, but there was nothing in their backgrounds
to suggest a computer wizardry that would outwit the American military.
Their success was based on a mixture of persistence and good luck,
which was abetted by crude security mistakes in the Pentagon computer
system.
Pryce had had a musical upbringing with his two sisters, Sally and
Katie, and had a passion for playing the double bass. He was bought his
computer when he was 15 to help him in his studies. He would spend his
spare time linked up to a bulletin board on the Internet, where
computer users traded information and chatted. It was here tha he got
his first introduction to hacking.
"I used to get software off the bulletin boards and from one of them I
got a 'bluebox', which could recreate the various frequencies to get
free phonecalls," he said. "I would phone South America and this
software would make noises which would make the operator think I had
hung up. I could then make calls anywhere in the world for free."
Now 20 and in his third year at the Royal College of Music in London,
Pryce said: "I would get on to the Internet and there would be hackers'
forums where I learnt the techniques and picked up the software I
needed. You also get text files explaining what you can do to different
types of computer.
"It was just a game, a challenge. I was amazed at how good I got at it.
It escalated very quickly from being able to hack a low- profile
computer like a university to being able to hack a military system. The
name Datastream Cowboy just came to me in a flash of inspiration."
The attack on Rome Laboratory, his greatest success, relied on a ferret
called Carmen. Pryce easily gained low-level security access to the
Rome computer using a default guest password. Once inside the system,
he retrieved the password file and downloaded it on to his computer. He
then set up a program to bombard the password file with 50,000 words a
second. "I just left the computer running overnight until it cracked
it," he explained.
If all the air force officers with access to the computer had followed
orders and used passwords with a mixture of numerals and letters, his
attack would have been foiled; but luck was on his side.
Morris, who has since left Scotland Yard's computer crime unit and now
works in London for Computer Forensic Investigations, a private
company, revealed: "He managed to crack the file because a lieutenant
in the USAF had used the password Carmen. It was the name of his pet
ferret. Once Pryce had got that, he was free to roam the system. There
was information there that was deemed classified and highly
confidential and he was able to see it."
Once he was in the system, Pryce kept getting access to higher levels
in his aim to become a "root user", which gives the hacker total
control of the computer with the power to shut out other users and
command the entire system.
"I was interested in Rome Labs because I knew they developed stuff for
the military. I just wanted to find out what they were doing. I read
that UFO material was being kept at Wright Patterson base and I thought
it would also be a laugh to get in there. I also hacked into a Nasa
site," he said.
"Rome Labs was my main project. I got the programming code for an
artificial intelligence project. I downloaded files so I could view
them at leisure at home.
"I know there was a big fuss when I tried to hack into a computer in
Korea, but there was nothing sinister about it. I just fancied having a
go at a different sort of computer and I happened to be on the Rome
Laboratory computer. I just tapped in the address for the Korean
research computer, but I didn't hack into it. It never went further
than that." During an intensive three months of hacking, Pryce sent
e-mails at least twice a week to the fellow hacker he knew as Kuji,
without knowing his real name was Mathew Bevan.
Bevan, who is now 23, was more of a loner than Pryce and would spend up
to 30 hours without a break on his computer. He claims the fraternity
of hackers gave him the friendship that he had failed to find during
his childhood. "I was bullied at school and I found my little community
and interaction through my computer," he said. "The hackers would all
egg each other on. There wasn't anything malicious about it. If there
was, I could have downed as many computer systems as I wanted. I was
just really looking for anything about UFOs. It was like war games; I
just couldn't believe what we could get into. I wasn't tutoring Pryce,
but the Americans made out I was because they thought I was some kind
of east European masterspy."
Pryce agrees: "We embarrassed them by showing how lax their security
was and that's why they made out we had been a huge security threat.
I'm now amazed by what I did, but I wasn't surprised at the time. It
was just my hobby. Some people watched television for six hours a day,
I hacked computers."
The first time Pryce and Bevan met in person was in July 1996 when they
appeared at Bow Street magistrates court jointly charged with
conspiracy and offences under the Computer Misuse Act. "He was at the
back of the court when I went in and his mother said: 'You'd better say
hello', which he did. We didn't even have a chat," said Bevan.
Conspiracy charges against both Pryce and Bevan were later dropped, but
in March last year Pryce was fined Pounds 1,200 after admitting 12
offences under the Computer Misuse Act. His lawyers said in mitigation
that there had been some exaggeration when the Senate armed services
committee had been told in 1996 that the Datastream Cowboy had caused
more harm than the KGB and was the "No 1 threat to US security". The
remaining charges against Bevan were dropped in November after the
Crown Prosecution Service decided it was not in the public interest to
pursue the case.
>>> Continued to next message
 * SLMR 2.1a * If you were a REAL man, you wouldn't need that parachute!
--- FMail 1.22
---------------