Date: Wed, 28 Oct 92 10:00:55 MST >From: ahawks@NYX.CS.DU.EDU(we're tiny we're toony) Subject: File 3--Transcript of DATELINE NBC: ARE YOUR SECRETS SAFE >From the same guy that brought you a transcript of Geraldo's NOW IT CAN BE TOLD, here's a transcript of last night's DATELINE NBC episode which featured a segment called ARE YOUR SECRETS SAFE that dealt with hackers: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Transcript of ARE YOUR SECRETS SAFE segment of DATELINE NBC airing October 27, 1992 PRODUCER: SUSAN ADAMS EDITOR: MARY ANN MARTIN ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Announcer: Well, when we come back, how computer hackers can make you and me their victims. The computer underground can potentially shut down our high-tech society. Our financial records, medical data, communications systems, it's all at their finger tips. Jon Scott reports. Next. Announcer: ...you knew it. Today, it's not that simple. In our high tech society, we can be targets of crime and never suspect a thing. It's crime by computer hackers. They've been glamorized by Hollywood most recently in the hit film "Sneakers." But, how do real hackers operate, and just what kind of damage can they do? Tonight, Jon Scott goes into their world to see how they access ours. [shot of computer screen, keys being pressed is the sound heard. [FADE to silhouette of shadowed hacker, voice altered electronically] "QUINTIN": I have accessed - you name it, really: credit card companies, telephone companies, government installations, military installations, political organizations, senators' computer systems. JON SCOTT [reporter]: His voice is altered. His face hidden. His name - an alias. [fade to A HACKER {white male, approx. 14-18, wearing blue Yankess hat backwards, t-shirt and jeans} sitting at small desk in front of a laptop] SCOTT: In fact we don't even know his real name. That's the only way "Quintin" would agree to talk to us. Because "Quintin" is a hacker: a computer genius who illegally breaks into computers for fun. [fade back to silhouette shot, camera shot alters between SCOTT {reporter} and QUINTIN] SCOTT: Have you ever shared information, say, about a company with one of their competitors? QUINTIN: That I have not done. SCOTT: Have you ever been tempted to? QUINTIN: Umm, there's always kind of the lurking temptation. [fade to shot of QUINTIN's hands at keyboard] SCOTT: It's a frightening thought: someone breaking into your computer and roaming around in it with the potential to share, sell, even alter what they see. That's what hackers can do. Quintin told us he's read the private mail of a US Senator, [close-up shot of laptop screen showing info from nic.ddn.mil concerning UFO info at Wright-Patterson Air Force Base in Ohio] browsed through secret government files on UFOs, and gone snooping in our nation's military computers. [fade back to silhouette shot again] SCOTT: Do you recognize that what you do is illegal? QUINTIN: Yeah, Yeah I do. SCOTT: Is it immoral? QUINTIN: To me, no. [fade to shot standing in the midst of a room filled with computers] SCOTT: More and more hackers like "Quintin" are out there, illegally breaking into systems that could contain information about you. Think about how much of your life is on a computer: your credit rating, financial records, your paycheck at work - computers run your telephone, your electricity, and your gas. In corporate America, it seems, they run everything. [fade to shot from the movie SNEAKERS - Ben Kingsley and Robert Redford sitting and talking] REDFORD: Stock market? KINGSLEY: Yes. REDFORD: Currency market? KINGSLEY: Yes. REDOFRD: Commodities market? KINGSLEY: Yes? REDFORD: Small countries? KINGSLEY: I might even be able to crash the whole damn system. SCOTT: In the movie SNEAKERS, Ben Kingsley dreamed of using a computer to dismantle the world's financial system. To some it's not so far-fetched. [fade to shot of Kent Alexander in empty courtroom] KENT ALEXANDER: Most people think of this movie as science-fiction. After prosecuting this case, I think of it as reality. SCOTT: Former computer prosecuter Kent Alexander was one of the first to win a conviction against computer hackers. ALEXANDER: I've seen hackers who've tapped into phone systems and litterally tapped into phone lines to listen in on telephone conversations. Hackers have broken into credit bureaus to get people's credit histories, hackers have broken into credit card records to have money wired to themselves. [shot of newspaper clippings related to the Atlanta 3 LoD case] SCOTT: In a highly-publicized trial in 1990, Alexander sent three Atlanta hackers to jail, among them - Adam Grant. [fade to shot of Grant and Scott walking to BellSouth building at night.] SCOTT: So how often would you come over here? GRANT: In the beginning as maybe as much as a couple times a week. SCOTT: Adam belonged to an elite hacker club called the Legion of Doom. One of the methods he used to obtain secret computer codes was to rummage through the trash at BellSouth - the regional phone company in Atlanta. [they stop in front of a BFI trash dumpster and examine it] GRANT: Back a few years ago they weren't locked. You could just slide the doors open, reach in, grab a bag, leave. This one's not even locked. SCOTT: Using the information he found here Adam was able to sit in front of his home computer and hack into the heart of BellSouth. SCOTT: They didn't learn something on this side [pointing to unlocked dumpster - slides it open, it contains a bunch of folded up cardboard boxes]. GRANT: At BellSouth we were able to get into all manner of computers. [fade to shot of Grant sitting and talking] uh, the phone switches themselves. SCOTT: In essence you got to the point where you could've turned off everybody's phones in Georgia. GRANT: About any one of a couple dozen of us could've done that. [fade to shot of interior of BellSouth command center] SCOTT: for more than a year, Adam and his friends had free access to the inner workings of 12 BellSouth computer systems. [back to previous shot] SCOTT: They say you could've crashed or broken the 911 system. GRANT: Mmm-hmm . The operative word for me is *could have*. SCOTT: You could have done that? GRANT: Yes. I could go out and shoot people. You can. SCOTT: BellSouth cracked down hard on Adam and the others, even though it acknowledges they never disrupted phone service or changed any customer accounts. [shot of US phone network display] [fade to shot of BellSouth spokesman Scott Ticer] TICER: We don't care what the motive may or may not be. SCOTT: Scott Ticer is a corporate spokesman for BellSouth. TICER: We are not talking about Wally and the Beav, much less Eddie Haskel. We're not dealing with a bunch of mischievous pranksters playing in some high-tech toyland [possibly toilet, not clear]. This is a crime. [shot of skyscraper] SCOTT: BellSouth is just one example of a company stalked by hackers. In a recent New York case, members of a club known as the Masters of Deception [shots of MoD-related newspaper articles] were indicted, accused of hacking into institutions like: [corporate logos appear on computer monitor] the Bank of America, Martin Marietta, PacificBell, SouthwesternBell, New York Telephone, TRW, Information America, and New York University. So how does a hacker get into these systems? To find out, Dateline went underground into the hacker's world. [fade to shot of Scott Chasin] CHASIN: Power and ego have a lot to do with hacking. SCOTT: 21 year-old Scott Chasin spent 9 years as a hacker. He says his hacker days are behind him now, but he still keeps tabs on the hacker underground. [shot of monitor with a bunch of Account: and Password: 's] CHASIN: Basically these are passwords for a university that somebody has cracked. SCOTT: Scott showed as a hacker's secret meeting place - a private electronic bulletin board. [shot of login to board called TCH] individual hacker clubs set up these boards so members may swap information. "I need some help figuring out how to crash my school's computer system"? Is he serious? CHASIN: Sure. Why wouldn't he be? [varying shots of crack screens from pirated software and hacking utilities : Hacker clubs, some of whose logos you see here, are very competitive. Sometimes its club v. club, sometimes its member v. member. [shot of Grant] GRANT: You want to make yourself unique. And one of the best ways of doing that is being forceful - being obnoxious. [shot of Grant typing] SCOTT: For many like Adam, the underground is the first place they found where they felt like they had power. GRANT: You think about: "I can do something that's really different. I can do nothing that none of my friends can. I can do something that most people anywhere can't. And that makes you stand out - makes you want to do it." It's like a criminal olympics. [shot of Chasin typing] SCOTT: Hackers might break into a computer with your name in it by accessing one of the computer networks which link millions of computers world-wide. Scott showed us what he could reach from his living room. We went looking for the top-secret National Security Agency. We found it. [shot of Chasin typing "NSA" on monitor, then: National Security Agency (NSA) Network Services Agency (NET-NSA) Whois: _ ] Same with the Pentagon. [shot of monitor: PENTAGON-HQDADSS.ARMY.MIL 26 ] CHASIN: Let's do a search for NASA. SCOTT: It's like searching the phonebook for someone's street address and learning where they live. [screen shows 'whois' output of NASA matches] CHASIN: Found over 247 of 'em. SCOTT: 247 NASA computers? CHASIN: Computers and networks, that are on the Internet. Correct. SCOTT: But each of these NASA computers has a lock on it, and only authorized users like NASA employees are allowed to have th keys. To "unlock" most computer systems, authorized employess type in their username and then their password. Passwords and user names are supposed to be kept secret, but hackers have ways of getting them. [shot of Quintin] QUINTIN: Sometimes it's as simple as a phone-call to the company and portraying myself as another employee, to pulling telephone records, to actually entering the building and places where I physically should not be. SCOTT: So on the one-hand you break into the building and then you break into the computers? QUINTIN: Yes. [shot of Scott] SCOTT: Most hackers don't resort to burglary - they can get the information they need over the phone. They call it social engineering - basically, it's a con job. We asked Scott, the former hacker, to show us how it's done. Dateline obtained permission from a Fortune 500 company to have Scott try and hack in. The company gave him 1 week to land anywhere inside its computer system. Posing as a fellow staff member, Scott began by making random calls to unsuspecting employees. [Chasin on phone, ringing] CHASIN: Hi. My name's Scott Chasin and I'm calling from Business Affairs. I'm at home right now and I'm wondering if there's a way I could get into the network - I just bought a PC. EMPLOYEE1: You have Crosstalk? CHASIN: Yes I do. SCOTT: Hist first call was to the computer department. He's looking for the 800 number he needs to dial to have his computer connect to the company's system. CHASIN: What is the number it has to dial? EMPLOYEE1: Your best bet is to dial the 800 number. CHASIN: Right. But, I don't show that on my screen. EMPLOYEE1: What do you show? CHASIN: It just says xxx-xxx-xxxx, I think, yeah. EMPLOYEE1: Oh, it's 800-***-****. SCOTT: With the phone-numbers, he's at the company's front door. Now he needs the "keys": a username and password, to get inside. [phone rings] CHASIN: Hi, *****, this is Scott Chasin calling from the computer center. EMPLOYEE2: Hi. CHASIN: How ya doin'? EMPLOYEE2: Ok! CHASIN: Is everything up and runnin' down there? EMPLOYEE2: Uhhh, why? 'we sposed to be down? CHASIN: Yeah we're having some problems, we've been having some reoccuring problems since last night. EMPLOYEE2: Believe me, I'm not a computer maven person. hahaha. CHASIN: Hahah. That's all right, I'll help ya out! If you log out and log back in, we'll go through the whole scenario so I can see if everything's ok on my end. Can you do that for me? EMPLOYEE2: I think so...hold on... SCOTT: Bare in mind he [Chasin] still can't see anything on his end - it's a ruse. All he wants is a username and a password. Even if he only gets a username from someone, a hacker can make an educated guess at a password. [cut to interview of Chasin] SCOTT: What are some common passwords that people use? CHASIN: money, sex, love, secret, password. Mostly first names, husband names, wife names, pet's names, social security numbers, parts of their telephone.... [cut back] SCOTT: But as we saw, most of the time a hacker doesn't even have to guess. CHASIN [on phone]: Why don't you tell me what your login id is cuz I'm gonna watch you come across the network so I can see where the problem's arising from. EMPLOYEE3: What my login is? CHASIN: Yeah. EMPLOYEE3: ****** CHASIN: What password do you enter to get into the BIOS, [BIOC, BIAC {unintelligible}]? EMPLOYEE3: shy. CHASIN: s-h-y is your password? EMPLOYEE3: Yep. CHASIN: s-h-y. EMPLOYEE3: shy. CHASIN: Ok, I'll tell ya what I'm gonna do, I'll go in there and see if you have any stuck processes and I'll call ya back and tell ya when it's all right. SCOTT: Remember, he'd been given a week to break into the system. It took him an hour-and-a-half. CHASIN[on phone still]: Alright? EMPLOYEE3: Thanx. CHASIN: Ok, bye-bye. CHASIN: I'm in. SCOTT: So the receptionist, who simply hands you a password, might be giving you access to the CEO's office. CHASIN: Might be giving me the ability to shut down the company. [cut to Quintin again] SCOTT: The moral to computer users: don't give out your password, and change it often. Hackers like Quintin are out there, and to them it's a game - a challenge - to break into your system. [cut to Grant again] Just listen to Adam Grant, the guy who spent 7 months in jail for Breaking into BellSouth's computers. SCOTT: What's the lesson, in your story, for other hackers? GRANT: Don't get caught. SCOTT: Not "don't do it". GRANT: People are going to do what they're going to do. SCOTT: How do think it plays to people at home when you tell others, simply, "don't get caught"? GRANT: That's their own business. I don't think it's right for other people to tell me how to live my life. So, I shouldn't tell other people how to live their life. SCOTT: And yet you acknowledge that hacking is wrong. GRANT: Smoking is wrong. Taking drugs is wrong. People do it all the time. [FADE to computer monitor, showing: Goodnight. Downloaded From P-80 International Information Systems 304-744-2253