Breaking and Entering

13 / /

  The Bartender

  Cambridge. July 2008.

  After losing her job at Elite Defense, Alien felt like a Navy SEAL who had been dishonorably discharged. True, she could find another position in her field, but she had no interest in anything that did not provide the same variety of cases and clients. Or the thrill and challenge of finding ways to break into supposedly secure places, without leaving a trace.

  At the same time, Alien experienced something akin to PTSD. She knew how little it would take for an attacker to shut down the computer systems for basic services like water, power, and public transit, and felt as if she were being watched whenever she made a phone call, cashed a check, went to the doctor, or booked a flight.

  She had good reason to think so. From 2004 to 2008, the number of Internet users had doubled, to 1.5 billion. Facebook, YouTube, and Twitter launched, followed by the iPhone and App Store. People no longer “went online”; they carried the network with them, in their pockets and purses by day, and on bedside tables at night, relying on it for a host of functions such as shopping, banking, connecting with friends, and finding love (or at least a lover). Her InfoSec work had shown her that each innovation was also another step toward a world where everything you said or did could be captured, controlled, sold, or rewritten by someone else. Every day, hackers discovered new vulnerabilities and virtual sieves through which information could leak.

  Alien still stayed up late, but now it was to pursue an old dream of becoming a writer. She started a blog focused on security and privacy, supporting herself in the meantime with unemployment insurance. After the demands of being an Agent on the Jedis’ terms—and the shock, shame, and insult of her abrupt termination—controlling her own life again and letting her ideas flow into words was exhilarating. The problem was that, whatever its satisfactions, blogging did not offer an income, especially at first, and maybe never.

  A way to make a living while still leaving time to write seemed to offer itself one afternoon in early July when she passed a bulletin board near the MIT campus covered with paper fliers. On one of the fliers, a smiling woman slid a triple-olive martini along a highly polished wooden surface.

  “Boston School of Bartending,” the flier read. “One-week night classes. Get certified and GET A JOB.”

  Alien signed up to take the bartending course, which began the following week. The “classroom” was a tiny storefront with a red awning between Chinatown and downtown Boston, a few blocks east of the Common. She plunged in with her characteristic intensity.

  Manhattan . . . Margarita . . . Tom Collins . . . Gin and tonic . . . Cape Codder . . . Kamikaze . . . Their final evening together, the instructor, a South Boston native in his late fifties, drilled Alien and six other twenty-somethings, her fellow students, on all their recipes.

  Alien turned behind the room’s fully stocked wooden counter, grabbed the right glass and ingredients, and made each drink in turn. She felt comfortable, reminded of her mother’s restaurant supply store in Hoboken, which sold bar equipment. Helping out as kids, Alien and her sister had sat on barstools behind a counter. And she liked slinging drinks. No getting up early. No airplanes. No computers. And I get to make things and hang out with people.

  Above all, it was simple. Customers ordered, she gave them what they wanted, they were happy, and it was done.

  Instant gratification.

  “Perfect,” the instructor said each time he reached her position and took a sip.

  When this last class ended and everyone was filing out, he gestured for Alien to stay. “I have a good job lead for you,” he said. “A buddy’s got a place, and he’s looking for help.”

  Given her instructor’s recommendation and her restored self-confidence, Alien hoped she’d get the bartending job, but the position didn’t open until late August. She arranged an interview for the middle of that month. Alien was pleased, but hadn’t figured out just what she would do with her remaining freedom.

  Later the same evening, when she checked her email, she saw a message from Amy, her former colleague on the Mayflower Hospital network team.

  “Hey—Hubby and I are going to the HOPE conference in NYC this weekend,” Amy wrote. “Let me know if you’ll be there!”

  HOPE? Alien looked it up online and found a Web page with white text against a black background. “HOPE is the seventh Hackers On Planet Earth conference,” the page announced:

  Join the rest of the hacker community from around the world July 18 to July 20, 2008 for this momentous occasion at the historic Hotel Pennsylvania in New York City.

  There will be three days and nights of speakers along with all sorts of activities to keep you entertained and enlightened. We have a tremendous amount of space for us to make use of and it’s all right in the middle of the city, across the street from Penn Station. You still have time to get involved in this historic event, whether by attending, volunteering, speaking, or creating something new that none of us have thought of yet.

  Alien was positive she was done with InfoSec as a profession, but this sounded like a fun party. The DIY vibe suggested plenty of potential blog fodder. And there were sure to be some interesting guys.

  “I’ll be there,” she told Amy.

  For the first time in more than three months, Alien set her alarm.

  Alien caught the eight fifteen Amtrak at South Station the next morning. Before she stepped out at Penn Station in a rose-print dress, she stuffed her flats into her backpack and strapped on her Rollerblades. As she glided through the subterranean concourse, Alien noticed several IF YOU SEE SOMETHING, SAY SOMETHING security signs.

  Creepy. She understood the presence of such instructions in a post-9/11 world, but the way everyone was being recruited to keep a suspicious watch on one another made her uneasy.

  By the time the escalator reached street level, the temperature topped ninety degrees, with humidity to match.

  Alien gazed ahead and then angled her eyes up.

  Cameras. Surveillance cameras everywhere.

  They were set into white metal utility boxes, mounted fifteen feet high on the lampposts along the lineup of yellow taxis. The cameras themselves consisted of wide glass spherical “eyes”—lenses with a 360-degree scope behind protective plastic. The utility boxes were equipped with network fiber cables, wireless transmitters, or both. Each box carried an NYPD emblem.

  What was law enforcement tracking? Who had access to their information? And would they be any better at keeping this information secure than all the banks and hospitals, defense contractors and government agencies that had been hacked, some by Alien herself?

  Alien pictured an anonymous office building, packed with people who sat behind computer consoles monitoring endless bytes of video—both Big Brother and high-tech sitting duck.

  She snapped a series of photos with her phone. Something to think and talk about.

  The WALK sign came on. Scooting around pedestrians, Alien moved as quickly as she could along Thirty-third Street to the other side of Seventh Avenue and into the hotel.

  The Hotel Pennsylvania had seen better days, but those days were pretty wonderful. Entering the lobby was like stepping into 1924: maroon fixtures and furniture, and a peach-colored marble floor. The place was now worn and dingy, but it had been full of fashionable people, flocking to hear jazz gods Duke Ellington, Count Basie, and Glenn Miller, all of whom had performed at the Pennsylvania. Miller had immortalized the hotel’s phone number—“Pennsylvania 6-5000”—in one of his hits.

  Now it was getting by as a second-tier convention site, thanks to the ridiculous prices of top-of-the-line New York hotels. HOPE attendees loved the buzz of the city, but most of them were independent aficionados of limited means, not corporate employees on expense accounts.

  The conference was a bargain. A single SCAN class cost thousands of dollars to attend. HOPE was an all-inclusive eighty bucks. The badge alone was almost worth the price of admission. It included a dog-tag-sized metal strip equipped with a small circuit board and watch battery.

  “What’s this?” Alien asked.

  “It’s a trackable RFID tag,” a skinny guy behind the registration table told her. He passed her an explanatory flier.

  “The tracking technology, known as RFID, is fast becoming an unseen part of everyday life,” it said. “For the very first time, the general public will be able to participate in the transparent operation of a major RFID tracking program.”

  RFID stood for radio frequency identification—radio waves that broadcast a person’s or object’s presence to automated readers. New inventory control systems used the technology. So did contactless “smart cards,” increasingly common on transit networks and in high-tech buildings. HOPE attendees could always take the battery out to turn the tracking off. But the entire point of the badge for this crowd was to serve as the basis for the kind of security games they loved to play, in many cases for real.

  “Players will seek ways to protect their privacy, find vulnerabilities in the tracking system, employ data mining techniques to learn more about other participants, and choose how much personal information they will disclose in order to play,” Alien read.

  “Cool,” she said. She was as creeped out by technology like this as she was by the NYPD camera network, but here it was out in the open, something to be examined and questioned. Everyone saw the data dragnet at work. And probing the system for vulnerabilities would be rewarded rather than punished as some kind of criminal act.

  Alien rolled on, passing low-budget vendor booths and packed contest and activity areas. If most people saw hacking as the ultimate antisocial activity, the hundreds of happy nerds around her, talking enthusiastically to one another, suggested the opposite.

  There was Segway racing, a maker space for electronic tinkerers, and a giant Lego sculpture garden. Free public Internet access terminals and a “phone phreak” playroom with old rotary phones and pay phones, their innards exposed. A capture-the-flag competition like the one she’d won in Bruce’s class at SCAN. A live-streaming online radio station. Robot-backed punk bands, art created from old Commodore and Nintendo games, and trippy computer-generated videos patterned with data from on-site packet sniffing. The scene reminded her of MIT Rush.

  And the male-to-female ratio was ten to one.

  “Alien!” a voice called. She spun around, wondering who here would call her that. Alien spotted a familiar face, another of the few women at HOPE. She was a striking figure with a shaved head and square earrings made of tiny LED lights displaying an animated Ms. Pac-Man munching power pellets.

  “Rpunzel!” Alien greeted her old MIT Coffeehouse Club companion.

  Rpunzel stood before her own small booth. She was selling custom kits for making electronic jewelry and other novelties.

  “Check it out,” she said, handing Alien a kit to turn a kids’ metal lunchbox into an LCD projector.

  “Awesome!” said Alien. While she fiddled with the package, a good-looking guy nearby with gelled-back black hair caught her eye. Alien did a double take. His wrists were locked behind him in a pair of shiny steel handcuffs.

  A crowd of young men surrounded him in a half circle, calling out in unison how long it was taking him to get free.

  “Fifteen seconds!”

  “Thirty seconds!”

  “Forty-five seconds!”

  The guy twisted his right hand back toward the cuffs and jammed a flat metal strip, cut from an empty Tecate beer can, between the locking mechanism and the teeth of his restraints. He simultaneously squeezed the cuffs tighter and pushed the metal strip down hard with his thumb.

  “Open!” he declared with a broad grin just before the minute mark.

  His buddies high-fived him. Alien made plans with Rpunzel to catch up later and walked over to the escape artist. He reached out his uncuffed hand.

  “I’m Aaron.”

  “Alien,” she said, as they shook with mock formality.

  Aaron dangled the handcuffs. “Want to try?” he said with a wry smile.

  Alien laughed warmly. “I prefer things the other way around.”

  “I’m with TOOOL,” Aaron said, gesturing over his shoulder, where the same guys had regathered to time someone else. “The Open Organisation Of Lockpickers.”

  Part education and advocacy group, part social club, TOOOL ran one of the conference’s most popular activity areas, consisting of several tables littered with pick sets, training locks, and other gear to tinker with. Dim the lights and it would be like Alien was back at one of Zhu and Rex’s practice lock-picking sessions in the Bemis hallway. Another similarity to MIT roof-and-tunnel hackers was that the TOOOL crew had their own explicit code of conduct. “First rule of ethical lock picking: do not pick locks you do not own,” an old hand told a newbie.

  They said they picked locks to improve security, contradictory as that sounded. “Security is achieved through openness,” one of the group’s leaders had asserted at a 2005 talk. “Take things apart and play with them. . . . Exposing bad security is what protects us all.”

  Alien, who had learned to pick locks as a freshman hacker at the giant playground that was MIT, was well past the point where she had to be introduced to the subject, but she was glad people were having fun with it. And Aaron was cute. She accompanied him to a private party in a hotel room rented by TOOOL, and Friday ended at dawn with the two of them making out in the hallway outside Alien’s room.

  She slept in—alone—on Saturday, but rejoined Aaron for a very late lunch with a fellow TOOOL member and his girlfriend in a classic New York diner, à la Seinfeld, across the street from the hotel. Then she had drinks with Amy and her husband. Returning to the Pennsylvania shortly before nine p.m., she soon found herself facing the biggest celebrity at HOPE. In the main hall, Alien saw a dark-haired, slightly sunburned mid-fortyish man in a V-neck tee beneath an unbuttoned black dress shirt. He was patiently receiving dozens of admirers trying to introduce themselves, shake his hand, and pose for photos with him.

  “It’s Mitnick,” she overheard someone telling a friend in a stage whisper.

  Kevin Mitnick, to be exact. The world’s most famous (former) hacker. Following his release from imprisonment for breaking into Digital Equipment Corporation servers and copying the company’s operating system software, Mitnick had proceeded to crack Pacific Bell. During his two and a half years as a fugitive from the FBI, he continued to use hacking, particularly social engineering, to stay ahead of the law. His arrest, in 1995, had made the front page of the New York Times. Mitnick never tried to profit from what he’d taken, but served five more years in prison, emerging as a kind of folk hero in hacker culture.

  Now he was a successful white hat, hired by the kinds of companies he used to bedevil. As Mitnick shook hands, he handed out business cards for “Mitnick Security Consulting.”

  “Thanks,” said Alien, taking one.

  The “card” was a keeper. It was the conventional size, but instead of being a piece of stiff paper, it was a thin sheet of die-cut stainless steel whose upper half included a detachable five-piece lock pick tool set. Alien slipped it into her wallet.

  “Elizabeth?” she heard a raspy male voice calling. Alien turned. He was a middle-aged guy in jeans and a red plaid shirt.

  “Bill Rogers—Antidote,” he introduced himself, reaching out his hand. “I recognize you from SCAN. How’s everybody at Elite Defense?”

  Alien wasn’t going to tell him that she’d been fired. And she wasn’t going to lie.

  “I’m not with them anymore,” she said. “I’m on my own.”

  “Oh?” Rogers pressed his own business card on her. “In that case, would you like some subcontracting work?” he asked. “We’re always looking for good people.”

  Alien glanced down the hall, seeing Aaron and other TOOOL members waving for her to join them. She looked back at Rogers.

  She had decided to do something else with her life. But rather than explain that, it was easier to let him assume otherwise.

  “Sure.” Alien gave him her contact info, figuring it didn’t obligate her to do anything if he emailed or called. She pocketed his card without a second thought.

  Aaron lived on the West Coast, in Portland. After HOPE ended, he and Alien kept in touch, and he invited her to join him at another conference, DEF CON, held two and a half weeks later in Las Vegas. Given her positive experience in New York, and her interest in seeing more of him before she started bartending, Alien enthusiastically agreed. With the growth of the information security industry, HOPE, like SCAN, was now only one of dozens of hacking and counter-hacking trainings and conventions. Each con had its own culture: some were corporate, some political, some military, some punk. She knew DEF CON, the largest and oldest conference, had originated at a hacker’s early 90s farewell party, and was famous (or infamous) for its raucous nonstop festivities.

  Alien’s flight to Vegas landed the afternoon of Thursday, August 7. While most of her fellow passengers headed for the eye-popping new luxury resorts and casinos opened over the past two decades—among them the Luxor, New York–New York, and the Bellagio—Alien grabbed a cab to the DEF CON venue, the Riviera. Originally opened in 1955, it was a relic of the Vegas of an earlier era, now situated by a shopping plaza with all-you-can-eat sushi, Indian buffet, and Korean barbecue restaurants, as well as an artificial-turf-encircled concrete booth advertising discounted show tickets and Grand Canyon bus tours. In its fallen state, the Riviera was as affordable and unpicky in its convention guests as the Hotel Pennsylvania.

  Passing through the sliding doors of the Riviera’s entrance with an oversized suitcase stuffed to bursting with flashy dresses—puffy, skimpy, sequins, leather—Alien found herself almost immediately hemmed in by thousands of geeks. They crowded together, shoulder to shoulder, boisterously swapping stories and exchanging hugs, handshakes, fist bumps, and high fives. Nearby, DJs spun techno, vendors sold keystroke loggers and surreptitious laptop camera activation apps, and a projection screen had been turned into an ever-growing “Wall of Sheep”—a list of usernames and passwords nabbed from passersby clueless enough to go online without encryption in the vicinity of the world’s largest hacker convention.