
Information Security News mailing list archives

Hacked off at the way it all played out
From: InfoSec News <isn () c4i org>
Date: Wed, 5 Sep 2001 01:13:43 -0500 (CDT)

http://www.nzherald.co.nz/storydisplay.cfm?storyID=213042&thesection=technology&thesubsection=general

01.09.2001 

PETER GRIFFIN unravels the tangled web behind one of New Zealand's
ground-breaking computer hacking cases.

From the outset Andrew Garrett never really fitted the stereotype of a
computer hacker - the geeky teenager with too much time on his hands,
working in a darkened bedroom to tap into the computers of people in
other cities on different continents for the sheer hell of it.

The former blacksmith, internet administrator and web developer looks
old beyond his 34 years - but nevertheless relaxed as he walks the
gleaming walkways of the recently opened Botany Downs shopping centre,
a few minutes' drive from his Bucklands Beach home.

"I can remember when this was all just fields," he says.

For the last couple of years green fields have been the farthest thing
from his mind.

For a while Garrett, one of the first in this country to be hauled
before the courts for computer-related crimes, thought he was heading
to prison.

But earlier this month he was sentenced in the Manukau District Court
to a six-months suspended sentence and 200 hours of community service
for four fraud-related charges and a single charge of threatening to
damage property.

Just how Garrett ended up here is a long and complicated story. It
started with a dispute between Garrett and Telecom over an outstanding
$12,000 payment for telephone lines to his internet business, which
escalated towards the end of 1997.

"I wanted to develop The Hive as a passive revenue stream. A business
that I could develop and leave for my kids when I passed on," he says
of the fledgling internet service provider he was operating at the
time.

The dispute with Telecom dragged on through the early months of 1998
as Garrett married his fiancee Deborah. They returned from their
honeymoon, a one-night stay at Sky City, to find Telecom had pulled
the plug on The Hive. Further attempts to resolve the dispute with
Telecom failed.

Garrett said he realised that taking legal action against Telecom for
what he believed was "anti-competitive" behaviour would be a waste of
time after, he claims, a Telecom employee told him the company would
stretch out any legal action as long as it could.

Unable to afford court action, he decided to hit back at the dominant
telco in what he believed was the only way he could.

Using a Trojan horse computer program, which allowed him to gain
remote access to the computers of others, he gathered at least 200
passwords, from a range of account holders, including some belonging
to Xtra, Telecom's ISP as well as Ihug, Voyager, Clearnet and Best
Net.

Garrett still maintains his motive was not revenge, as suggested by
Judge David Harvey at the end of his trial.

His first comments to the media in November 1998 painted a different
picture.

"This is only the tip of the iceberg. There will be some other nasty
things that will happen. Telecom has caused me a lot of grief. If I
can put the boot in, I will," he told the Herald in his first media
interview.

"Granted, I was pissed off that Telecom put me out of business," says
Garrett. "But what I thought the public needed to know was that if you
have an account that is charged by the hour, and someone gets hold of
your username and password, you would be liable."

Garrett sent the passwords he had obtained to Herald IT editor Chris
Barton, bringing his hacking activities to light and spurring Telecom
to lodge a complaint against him with the police.

Soon after, appearing to revel in the attention, Garrett appeared on
Holmes, going head to head with Telecom's spokesperson, Glen Sowry.
That appearance, submitted in court as evidence, would come back to
haunt Garrett when it came to the critical question of a motive.
Simply put, some of the stuff he said on the show didn't do him any
good.

"I don't do this for me, I do this for all the businesses that Telecom
has ripped off," he proclaimed.

Around the same time came a front page splash in a Wellington paper
with the ominous headline: "I'll bring down Telecom - hacker."

"[The company] didn't give a toss ... they're a bunch of rogues. They
put me out of business ... treated me like shit for nine months.
They're going to be taken down and that's why ... " he told the paper.

While Garrett claimed he was exposing security deficiencies in
Telecom's network for the public good, a substantial pile of evidence
assembled by the Crown suggested his motives were not quite so pure.

Most incriminating in Garrett's case was an electronic paper trail of
e-mail correspondence and logs for the trojan program Back Orifice on
a computer disk found with Garrett's computer - evidence picked up
when police knocked on his door in March 1999 armed with a search
warrant.

Looking back, the Crown may have been scratching to have much of a
case against Garrett were it not for the goldmine of information
obtained from his hard drive and the associated Zip disk it seized.

Computer logs showed Garrett used Back Orifice to retrieve password
details from complete strangers. They also showed an attempt to send a
threatening message to an internet user urging them to stop using Xtra
as an internet provider or their hard drive would be wiped.

Alone, the logs were damning, but Garrett's e-mails provided an even
greater clue to what he was planning.

"Did you run that proggy [sic] I sent you. Oops I forget to tell you
not to, the app has a Trojan implant. Every time you connect to the
net it will e-mail me and let me know," he said in an e-mail to
friends.

"There is no law in New Zealand that covers hacking so I'm pretty
safe. The prison thing is just scare tactics, first they need to prove
it was me at the terminal, and that's pretty hard to do," read
another.

Signs that Garrett even expected a visit from the police were also
evident in his online musings.

"Thaeres [sic] a thought, I had better remove the data from my
machine, just in case they order a search warrant :), hehe. Now
where's my encryption and archiving utils?"

But Garrett claims he had nothing to hide. "A guilty person flushes
the drugs down the toilet. At the end of the day I didn't have
anything to hide," he says.

He admits he was using Back Orifice as the founder of an internet help
channel set up to combat the trojan. In this role he would access the
computers of people infected with Back Orifice to warn them of the
presence of the virus.

The ease with which Back Orifice can be downloaded from the web,
configured and used means keen users have become known as "script
kiddies", because they need possess no skill at hacking.

"The concept was to use Back Orifice to fight itself," says Garrett of
the virus developed by the hacking group Cult of the Dead Cow, which
was unleashed across the net in mid 1998.

"I wanted to set it up in such a way that anyone who logged on to an
internet service provider would automatically be scanned on that IP
[internet protocol] address.

"If they were infected with a Back Orifice Trojan, the program would
automatically send them a warning dialogue box telling them so," he
says of plans he had to develop a marketable program to combat the
rampant Trojan.

His own explanation for the existence of the incriminating material is
long-winded and complicated, and not completely consistent.

Garrett believes he himself had been hacked, infected with a Trojan -
not good old Back Orifice, but a similar program called Net666. Thus,
his computer was opened up to remote access in a case of villain
turned victim.

Infected with Net666 whoever it was who had Garrett in their nasty
clutches was then able to use the copy of Back Orifice on his machine
to launch attacks on other people's computers, creating logs as he
went and attributing them to Garrett.

A bit of a long shot? Everyone seemed to think so except Garrett and
his defence team, which included veteran defence lawyer Barry Hart.

Still, there were enough confusing factors in the case to persuade one
juror there was doubt about Garrett's guilt, leaving the jury
undecided on four other fraud-related charges and a charge of wilful
damage.

Garrett's story reads like a bit of a tragedy. He's an intelligent
man. As Judge Harvey said in his summing up he has "good qualities".

As a young, aspiring businessman, an amicable settlement to his
dispute with Telecom could have seen Garrett go on to bigger things in
the internet services world, which was riding the crest of the
technology wave at the time. Who knows where Garrett would have ended
up if he hadn't used a computer program to access the computer
passwords of others, then splashed himself across the national media
revealing his bitter resentment of Telecom.

But the path he took in obtaining a few passwords over the internet
has taken a toll on Garrett and his family. He claims the stress of
his early battles with Telecom over outstanding bills caused his wife
to suffer a miscarriage.

Later, as the case reached its final stages, charges were laid against
a teenager for molesting Garrett's 6-year-old son. That case was
thrown out "due to a lack of evidence" says Garrett.

A few weeks later Garrett was climbing the steps of the same court
house to begin his own trial.

Garrett has also remained unemployable, a position that has left the
family of five financially crippled. Both he and his wife suffered
health problems, stress-related illnesses according to Garrett.

In a drawn-out case that attracted many colourful metaphors, perhaps
the best came from Crown prosecutor Michael Heron who, in his closing
statements, compared Garrett's actions to a person breaking into
someone's house, having a look around and taking a copy of their keys,
collecting five cents on the way out.

In hindsight, Garrett accepts that obtaining the passwords and
usernames was illegal. "Knowing what I know now, by obtaining those
passwords I broke the law."

But he maintains he was acting in the public's interests. "Essentially
I didn't intend to defraud anyone. I was trying to highlight the fact
that there was an issue with the billing structure of the internet."

As he prepares to carry out his community service, which will see him
introduce elderly members of the community to his world of computers
and the internet, Garrett is uncertain about his future.

He would like to find work again in the IT industry, but pre-occupied
with his case for so long, his own computer skills are a bit rusty.

Obviously disappointed with the outcome of the case, Garrett displays
signs of acceptance that show he is ready to move on. "I've been dealt
my cards, now I've got to play with them."




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

