As a kid growing up in Los Angeles in the late 1970s, I got into a thing called “phone phreaking”. When people rang directory assistance, my friends and I would intercept their calls and pretend to be the operator. I’d ask “Which city?” and “Which name?” and then give the number they wanted as “555 743 and a half”, which would really confuse them.
School was boring for me – except for computers. Every time my computer teacher changed his password, my friends and I would tell him what his new password was. By high school, I was already hacking into the university’s computers to play computer games. I’d just ring the high school operator saying that I was a teacher trying to demonstrate something to my students and they’d connect the modem number.
There were no laws relating to hacking at this stage because computers were still relatively new. Several years later, when I was 22, I went to a technical school where I played cat and mouse with the system administrator. I went into the lab early one morning and he was hiding behind a curtain waiting for me. As soon as I logged in with administrator rights he snuck up behind me and said: “I’m not going to kick you out, you’re going to help me secure this system.” It was an early example of hiring the hacker.
Later, I started hacking into the big computer company DEC. I wasn’t being malicious – just curious. But, in 1988, my hacking partner and I had a falling out and he told his boss what we were doing. Then his boss told the FBI.
I was arrested and held in solitary confinement for almost a year because the government said that I could start world war three by whistling into a prison payphone, and that I had the power to launch nuclear weapons by hacking into the North American Aerospace Defense Command. I was 25 years old. Being in solitary was psychological torture. I felt like I was in a coffin. The newspapers were printing fabricated stories about me breaking into the National Security Agency and tampering with a judge’s credit rating.
The other inmates respected me for doing all this clever stuff but at the same they didn’t respect me because I hadn’t used my skills to steal money. Eventually, I cut a deal with the government. They said: “If you plead guilty you can be home in four months.”
After I was released, I kept my nose clean until an informant tried to entice me back into hacking. Also around this time, my brother was found dead in a car and I thought that he’d been murdered, so I was hacking into phone company computers to obtain billing records on the people I thought were involved. I was back in the game.
I became a fugitive for violating my supervised release. I was on the run for almost three years but was arrested after a hacker vigilante teamed up with federal agents to hunt me down. I was held for four and a half years without a bail hearing.
When I was finally released, after making a deal with the government, Senator Fred Thompson invited me to testify in Washington, DC, because the federal government wanted my help protecting their computers. I was a little surprised that the government was asking for my help after making an example out of me.
After my Senate testimony in 2000, I was hired to speak on security at a large conference. Now I speak at numerous conferences and I’ve hosted a radio show on internet security and co-authored two books on information security. Businesses hire me to find security weaknesses in their IT infrastructure.
I’m pretty much a rock star in the hacking community because of what I went through, but other people treat me like a common criminal because of my hacking history. I was immature and made a lot of bad decisions by continuing to hack. Fortunately, I’ve grown up.
