File: WHO IS CAPTAIN ZAP? -=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=- = - - COMPUTERS: Hacking Away at Break-Ins = = [Washington Post -- June 28, 1984] - - By David H. Rothman = = Word Processed by BIOC Agent 003 - - = -=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=- Some once-rebellious computer hackers' may be going establishment. A Philadephian named "Captain Zap," for example, who calls himself a "retired electronics hobbyist," is even doing computer security. Quite a switch from the days when he and friends were stealing -- via computer -- hundreds of thousands of dollars in goods and services. Another young man simultaneously advises corporations and puts out the TAP newsletter for hacking trying to get into big computers without authorizaition. Aside from the ethical questions, can such consultants help prevent incidents such as the recent acquisition of secret passwords to a computer storing credit data at the TRW Information Systems, Anaheim, Calif.? Opinions vary. On on hand, you normally don't hire an ex-thief to guard your safe. But on the other hand, a New Jersey security man says he's uncovered hacker threats -- via Zap -- to major banks and dozens of corporations. He and a prominent Washington-area consultant are among those who swear by Zap. A third computer expert working for the prestigious SRI think tank in Menlo Park, Calif., claims hackers without the usual credentials can make first-rate security people. The term "hacker," he stresses, is far from synonymous with "criminal." Says Jay BloomBecker, a Los Angeles computer crime expert: "It's pretty foolish to hire a hacker who's broken the law because they've already demonstrated their lack of trustworthiness. There are a lot of other people just as bright who have stayed within the law." Zap, whose real name is Ian A. Murphy, drew his nickname out of the air. "I zapped security, so I named myself that. I tried not to destroy anything. The object was to show people that if I could get in, a less benign person could." In the names of major corporations, however, Zap and friends ordered, in the early '80s, five Texas Instrument 787 terminals worth $3,800 each, a $13,000 Hewlett Packard minicomputer and other odds and ends. All together they stole over $100,000 in goods and $212,000 in services. Zap received a $1,000 fine, 2.5 years probation and 15 hours a week of community service. Despite his anti-establishment computer acts, he is a Philadelphia Republican fond of wing tips ("they show good breeding"). His usual rates are between $450 and $1,200 a day, plus expenses. He says he now has six clients through subcontracting, although his high daily rate apparently puts off many prospects. To earn rent money, Zap fills in as an air-conditioning repairman, work he started in his teens when he first began taking computer-science courses (and started hacking). "I kept asking Spring, Bel and the others for jobs," he says, "and they kept turning me down. The strange thing is that I'd call Bell and say, 'Hi there, I bet I can get into this and that,' and they'd say, 'No, you can't.'" He could. He charged phone calls to an ocean liner, and even broke into military computer networks to play computer games. ("They have 'Star Trek,' 'Hangman,' and 'Chess'.") Among those who take Zap's advice seriously: Lindsay L. Baird Jr., a tough ex-military policeman now in computer security consulting, and Robert P. Cambell, once a top Army man in computer security and now head of Advanced Information Management, Inc., Woodbridge, Va. "I had doubts at first," concedes Baird. Zap read of Baird in the Philadelphia Inquirer last year, requested a meeting, walked through Baird's house in Mountain Lakes, N.J., and declared "You're clean." "In what way?" "No hidden recording devices or microphones," replied Zap, and pulling back his coat to reveal a bug-detecting device. Baird, who believes no in The Redemption of Zap, says he has picked up items off hackers' electronic bulleting boards that revealed in detail how to break into the compters of a leading hospital supply firm, a food company and major banks, among dozens of other victims. "The FBI knows I'm working with him," says Baird, who shares much of the infomation that Zap uncovers. He praises Zap as "a damn good technician." "We're both learning from each other," says Cambell, adding that "There is nothing that Ian can do that my staffers can't do better, but he's developed his talents without a formal education." Captain Zap, who has started his own security firm, Secure Data Systems, tests clients' computer safeguards before "electronics hobbyists" get around to it, as he did for a major finacial firm. How safe was its computer system? "I can't tell you," says Zap. "I'm under a confidentiality agreement." Zap, one must remember, is a felon (and as of a few days ago had yet to pay off the $1,000 fine, pleading tight finances). Other reminders: Federal laws prohibit banks' hiring of felons for work too close to the money; some government agencies may not find use of a felon-consultant to be legally or politically possible, even through a subcontracting agreement. Besides, not every client can monitor the Zaps as well as a security expert. Despite all this, some experts maintain that people like Zap may be excellent at simplifying techno-gook and warning the nontechnical of some of the more common threats from crooks, malicious or snoopy hackers and other electronic break-in artists. The computer-room crew may rant and rave about the need for good computer security, but that's now match for hhearing thd facts directly from a computer felon. Baird plans to use Cheshire Catalyst, a New York hacker who doesn't want his real name use ("I like my privacy") and Zap in the "Tiger Team," military term for electronic devil's advocates to test cliens' computer security. Most problems, says Cheshire Catalyst, are "people problems. People tack passwords onto the corkboard above terminals. "If I cam in to deliver pizza," he declares. "I'd memorize the number on the way in and write it down as I left." A tall, thin man in his late twenties -- named after the grinning, vanishing cat in "Alice's Adventures in Wonderland" -- Cheshire edits the TAP newsletter (which bills itself "For Informational Purposes Only"). Even though TAP is known as the bible for people trying to break into computer and phone systems, Cheshire claims he himself is clean, except for logging on to systems to look for weaknesses. Meanwhile, discussion of the term "hacker" seems to be excalating. Cheshire distinguishes between "good" and "bad" hackers, the latter of whom a few buffs call "crackers." Geoffrey S. Goodfellow -- who testified at congressional hearings on computer crime and is a coauthor of The Hacker's Dictionary: a Guide to the World of Computer Wizards -- confirms that a "hacker" isn't necessarily a "computer criminal." A "hacker," he says, is merely someone who truly enjoys programming. He stretches his machine's power to the limits, and loves to "hack away" at computer problems. Not that Goodfellow thinks all hackers are 100 percent honest. He believes that as computer literacy spreads, more will be stealing money as well as computer time. His advice to hackers' prospective clients: "If they seem reasonable, I advocate putting them on a loose leash. You shouldn't take a holier-than-thou attitude. Unfortunately most people take the authoritarian approach... Goodfellow claims that hackers -- often as long-time kibitzers of computer systems -- may see the big security picture better than many professional programmers used to working within their niches. Goodfellow, 28, a high-school dropout, can offer himself as an example of sorts. A decade ago he dialed up a computer at SRI and left a note saying he'd improve the system in return for free computer time. He got it, and eventually went full-time at SRI. Among his clients: the Defense Department. To this day, however, Goodfellow proudly calls himself a hacker. <> (David H. Rothman is author of "The Silicon Jungle: Computer Survival at Work and Home" to be published by Ballantine Books early next year.) SF][G9:ba003.010585 [Courtesy of Sherwood Forest ][ -- (914) 359-1517] -----End of File [1-77, Last=32, Quit=Q] Read File # is author of "The Silicon Jungle: Computer Survival at Work and Hollllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll