[Moderator: oops! This was one of the articles that got lost in the mixup
last week. I should have taken the hint when a dozen people mailed it to
me in the last week. :)]
Would you hire a hacker?
By Joseph C. Panettieri
August 12, 1998
Sm@rt Reseller
Some of the world's largest corporations hired Justin Petersen. So did the
FBI. In fact, in law-enforcement circles, he's known as Agent Steal, and
he's got a long list of technical skills and references that would make
most resellers drool.
Consider his most recent tour of duty, which includes developing intranets
and extranets for Cosmic Media, a Los Angeles-based Internet consulting
firm that has deployed secure electronic commerce sites for Digital Media
and other fledgling businesses. He has also launched his own 1,000
square-foot computer center, which features two server rooms, a control
room and an earthquake resistant design.
Now, for the twist: Petersen, 37, is also a reformed hacker. Earlier this
decade he served time for breaking into several corporate networks, making
bomb threats and stealing money from a bank electronically. [His run from
justice.] "I imagine if I walked into a place and tried to get a regular
job, my record would be an issue," concedes Petersen, speaking from the
Los Angeles apartment he has called home since his release from prison
last year. "But I've known a couple of guys from Cosmic Media for a long
time, and I have other friends in the industry-including a Webmaster over
at CNET. Friends who are aware of my convictions support me and hire me.
"Hacking was a phase I went through," continues Petersen. "I learned what
I wanted to learn, and I got it out of my system. That phase of my life is
over."
FBI informant
As if Petersen's story wasn't outrageous enough, portions of his digital
crime spree actually were committed while he was working undercover for
the FBI, according to court documents obtained by Sm@rt Reseller. He also
has crossed paths with notorious Internet hacker Kevin Mitnick.
Reformed hacker Justin Petersen is working side-by-side with Web
consultants and resellers. Would you hire him? Add your comments to the
bottom of this page.
The FBI and the U.S. Department of Justice took Petersen's offenses quite
seriously. When Petersen pleaded guilty to several computer-related crimes
on March 27, 1995, the DOJ promptly issued a tersely worded press release
stating that he faced a "maximum sentence of 60 years in prison and $2
million in fines."
Today, that very same press release begs two troubling questions: How did
Petersen emerge from prison so quickly? And can he be trusted to work with
computers, the Internet and channel players?
To be sure, hackers increasingly are turning over new leafs as resellers
and security consultants. Says John Klein, president of Rent-A-Hacker
(www.rent-a-hacker.com), "I've seen my customers hire hackers. Sometimes
an 18-year-old kid who lives on the Internet has more experience than a 30
year old with a Master's [Degree] in computer science."
Still, hiring a young cyberpunk who knocked over a few Web sites is one
thing. But recruiting the likes of Agent Steal is in another class. Says
Art Brieva, chief technology officer at The PC Authority, a Plainview,
N.Y.-based reseller: "There are hackers who mess around with systems for
the pure challenge of it, and then there are hackers who have malicious
intent. I would tend to steer clear of the latter."
Quite a childhood
Petersen says he started wiretapping phone systems and hacking computers
when he was only 12. In his early years, he simply explored computer
systems rather than damage them. For more than a decade, he read about
technology and honed his hacking skills before breaking into TRW Inc.'s
credit system in 1989. Later that year, he and fellow cyberpunk Kevin
Poulsen rigged Pacific Bell's telecom network and seized a radio station's
phone lines to win a $10,000 call-in contest.
"Poulsen taught me a great deal about hacking," allows Petersen. "But I
was mostly self-taught. I bought lots of books and always read a lot about
computers."
Petersen, working with Poulsen, found a security hole in a Pacific Bell
test and maintenance system that made the radio station hack possible.
Petersen claims the duo could latch onto any phone line within Pacific
Bell's network, monitor it, ring it, dial out, and so on. Far from
complicated, the hack required a single PC and two phone lines (one for
control via computer and one to monitor). "Pacific Bell thought the system
was secure, but they shut it down after they discovered the weakness we
exploited," Petersen says.
After parting ways with Poulsen, Petersen fled to Texas in 1991 and was
arrested after being caught driving a stolen Porsche. A search of
Petersen's apartment by police uncovered more than a dozen fraudulent
credit cards, modems and a computer. Police suspected Petersen was using
the PC to illegally access TRW's credit system to obtain credit cards
under several aliases, according to court documents.
Rather than face full prosecution, Petersen's legal troubles took a
dramatic turn for the better in September 1991. According to court
documents, a Secret Service agent visited Petersen in a Texas jail several
times and they struck a stunning deal: In return for pleading guilty to
various computer-related crimes, Petersen agreed to work undercover for
the FBI. He was released and placed under the FBI's supervision in
California. Petersen's legal case also was transferred to California, and
his sentencing was delayed until his work for the FBI was completed,
according to the court documents.
Hunting hackers
The nature of Petersen's service for the FBI remains unclear at best.
Neither the FBI nor the Secret Service is willing to comment about
Petersen's case. For his part, Petersen claims the FBI rented him a
furnished apartment and gave him a salary, two computers, two modems and
phone lines to gather information about alleged hackers who may pose a
threat to the government.
In particular, Petersen and several attorneys close to his case say he
helped the FBI amass evidence against former buddy Poulsen, as well as
Mitnick and Lewis DePayne.
Poulsen is now free after serving time for rigging the 1989 radio contest
and facing a much more serious charge of international espionage. Mitnick
and DePayne await a Jan. 19, 1999, trial date for an alleged Internet
crime spree that Miramax, a major Hollywood movie studio, is transforming
into a motion picture.
As for Petersen, his work for the FBI continued until Oct. 22, 1993. On
that day, government officials met with Petersen and asked him if he had
committed additional computer-related crimes while working for the FBI.
According to court documents, Petersen panicked and fled the meeting. Like
Mitnick at the time, he was now a fugitive.
Petersen remained at large for more than a year. He surfaced again on Aug.
17, 1994, when he hacked Heller Financial Inc., a commercial financial
service provider in Glendale, Calif. Once inside Heller's network,
Petersen identified a line between two network switches that was
accidentally left unencrypted. Petersen used the weak link, which has
since been corrected, to transfer $150,000 from Heller's electronic vaults
to an account at Union Bank in Bellflower, Calif. Petersen made two bomb
threats to Heller in an effort to distract employees so they would not
notice the transfer of funds, according to court documents.
This is only a test
Petersen considered the first transfer a "test," and planned to return for
more cash a few weeks after the first transaction. But the FBI was
searching for him, and he was tracked down and arrested three weeks after
hacking Heller's network. In early 1995 he pleaded guilty to committing
computer wire fraud while a fugitive and didn't emerge from prison until
April, 1997.
Petersen's time behind bars fell far short of the potential 60-year
sentence he faced. Some lawyers, including Mitnick's attorney, Donald
Randolph, consider Petersen's short sentence rather curious. Others are
surprised that Petersen is free to work with computers and the Internet.
By contrast, Mitnick is only allowed to use a non-networked PC when
researching documents related to his criminal case. Petersen faces no such
restrictions.
Says alleged hacker DePayne, the co-defendant in Mitnick's case: "Petersen
hacked for profit then cooperated with the government. Poulsen didn't
cooperate with the Feds. I'd say that's why Justin [Petersen], rather than
Kevin [Poulsen], can now work with computers without any limitations."
Asst. U.S. Attorney David Schindler says Petersen is subject to a
"supervised release" and must "get approval" from a parole officer before
accepting high-technology jobs or any other work that may tempt fate.
Still, one question remains: How did Petersen circumvent the possible
60-year prison sentence mentioned in the 1995 DOJ press release? "That's a
question I'd love the government to answer," says attorney Richard
Sherman, who has defended Mitnick and currently represents DePayne.
Schindler says Petersen got time off for good behavior, and adds that the
DOJ's press release was a bit misleading.
Enjoying freedom
Petersen has certainly made the most of his early release. In recent
months, he has devoured technical manuals, and quickly gotten up to speed
on numerous technologies that gained popularity during his prison stay,
including Windows 95, Windows NT, Java and Internet development tools. "I
haven't been in any trouble since my release," he says (and attorney
Schindler confirms). "I'm concentrating on Web development and my NT
skills, and hope to launch an adult Web site down the road."
Petersen, by all accounts, is no longer using his hacker skills, but he
certainly doesn't hide his past. His personal Web site features legal
documents from his court case, interviews published in hacker
publications, as well as a few booby traps that could send some Web users
running for cover. (Because of the latter issue, Sm@rt Reseller has
elected not to publish Petersen's URL.) Until very recently, the Web site
manipulated a visitor's computer by launching nefarious Java applets. And
his current e-mail address pokes fun at one of his former victims, Pacific
Bell.
It's unclear how long Petersen will continue working side-by-side with
channel players. Aside from launching his adult Web site, Petersen also is
promoting Los Angeles night clubs. But despite such demands on his time,
he's willing to continue lending local Web consultants a hand if the price
is right.
And there are certainly resellers interested in the likes of Petersen.
"Hackers are the best consultants out there," says Kevin Johnson, owner of
security consultancy and reseller Johnson & Associates. "I've got a guy
working for me who was a hacker, and he's very good at what he does."
Even one of Petersen's staunchest critics, attorney Sherman, defends
Petersen's right to work within the computer industry. Quips Sherman: "I
don't think anyone's right to use a computer should be taken away. But if
Justin hacks me, I'll kill him."
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Tue Sep 8 09:01:22 1998