February 5th, 2002 08:04 PM
Some Sage Words...
I would like to pass on the words of Agent Steal and Netta "greyarea" Gilboa, because I feel that they apply even today, and that perhaps we need a reminder. Here follows...
The likelihood of getting arrested for computer hacking has increased to an unprecedented level. No matter how precautionary or sage you are, you're bound to make mistakes. And the fact of the matter is if you have trusted anyone else with the know ledge of what you are involved in, you have made your first mistake.
I realize my previous statements are somewhat lofty, but in the 35 months I spent incarcerated I've heard countless inmates say it: "If I knew then what I know now." I doubt that anyone would disagree: The criminal justice system is a game to be played, both by prosecution and defense. And if you have to be a player, you would be wise to learn the rules of engagement. The writer and contributors of this file have learned the hard way. As a result we turned our hacking skills during the times of our incarceration towards the study of criminal law and, ultimately, survival. Having filed our own motions, written our own briefs and endured life in prison, we now pass this knowledge back to the hacker community. Learn from our experiences... and our mistakes.
Nobody wants to get involved in a criminal case and I've yet to meet a hacker who was fully prepared for it happening to them. There are thousands of paper and electronic magazines, CD-ROMS, web pages and text files about hackers and hacking available, yet there is nothing in print until now that specifically covers what to do when an arrest actually happens to you. Most hackers do not plan for an arrest by hiding their notes or encrypting their data, and most of them have some sort of address book seized from them too (the most famous of which still remains the one seized from The Not So Humble Babe). Most of them aren't told the full scope of the investigation up front, and as the case goes on more comes to light, often only at the last minute. Invariably, the hacker in question was wiretapped and/or narced on by someone previously raided who covered up their own raid or minimized it in order to get off by implicating others. Once one person goes down it always affects many others later. My own experience comes from living with a retired hacker arrested ten months after he had stopped hacking for old crimes because another hacker informed on him in exchange for being let go himself. What goes around, comes around. It's food for thought that the hacker you taunt today will be able to cut a deal for himself by informing on you later. From what I've seen on the criminal justice system as it relates to hackers, the less enemies you pick on the better and the less groups you join and people who you i nteract with the better as well. There's a lot to be said for being considered a lamer and having no one really have anything to pin on you when the feds ask around.
I met Agent Steal, ironically, as a result of the hackers who had fun picking on me at Defcon. I posted the speech I gave there on the Gray Areas web page (which I had not originally intended to post, but decided to after it was literally stolen out of my hands so I could not finish it) and someone sent Agent Steal a copy while he was incarcerated. He wrote me a letter of support, and while several hackers taunted me that I had no friends in the community and was not wanted, and one even mailbombed our CompuServe account causing us to lose the account and our email there, I laughed knowing that this article was in progress and that of all of the publications it could have been given to first it was Gray Areas that was chosen.
This article marks the first important attempt at cooperation to inform the community as a whole (even our individual enemies) about how best to protect themselves. I know there will be many more hacker cases until hackers work together instead of attacking each other and making it so easy for the government to divide them. It's a sad reality that NAMBLA, deadheads, adult film stars and bookstores, marijuana users and other deviant groups are so much more organized than hackers who claim to be so adept at, and involved with, gathering and using information. Hackers are simply the easiest targets of any criminal subculture. While Hackerz.org makes nice T-shirts (which they don't give free or even discount to hackers in jail, btw), they simply don't have the resources to help hackers in trouble. Neither does the EFF, which lacks lawyers willing to work pro bono (free) in most of the 50 states. Knight Lightning still owes his attorney money. So does Bernie S. This is not something that disappears from your life the day the case is over. 80% or more of prisoners lose their lovers and/or their families after the arrest. While there are notable exceptions, this has been true for more hackers than I care to think about. The FBI or Secret Service will likely visit your lovers and try to turn them against you. The mainstream media will lie about your charges, the facts of your case and the outcome. If you're lucky they'll remember to use the word "allegedly." While most hackers probably think Emmanuel Goldstein and 2600 will help them, I know of many hackers whose cases he ignored totally when contacted. Although he's credited for helping Phiber Optik, in reality Phiber got more jail time for going to trial on Emmanuel's advice than his co-defendants who didn't have Emmanuel help them and pled instead. Bernie S. got his jaw broken perhaps in part from the government's anger at Emmanuel's publicizing of the case, and despite all the attention Emmanuel has gotten for Kevin Mitnick it didn't stop Mitnick's being put in solitary confinement or speed up his trial date any. One thing is clear though. Emmanuel's sales of 2600 dramatically increased as a result of covering the above cases to the tune of over 25,000 copies per issue. It does give pause for thought, if he cares so much about the hackers and not his own sales and fame, as to why he has no ties to the Hackerz.org defense fund or why he has not started something useful of his own. Phrack and other zines historically have merely reposted incorrect newspaper reports which can cause the hackers covered even more damage. Most of your hacker friends who you now talk to daily will run from you after your arrest and will tell other people all sorts of stories to cover up the fact they don't know a thing. Remember too that your "friends" are the people most likely to get you arrested too, as even if your phone isn't wiretapped now theirs may be, and the popular voice bridges and conference calls you talk to them on surely are.
They say information wants to be free, and so here is a gift to the community (also quite applicable to anyone accused of any federal crime if one substitutes another crime for the word hacking). Next time you put down a hacker in jail and laugh about how they are getting raped while you're on IRC, remember that someone is probably logging you and if you stay active it's a good bet your day will come too. You won't be laughing then, and I hope you'll have paid good attention when you're suddenly in jai l with no bail granted and every last word you read here turns out to be true. Those of us who have been there before wish you good luck in advance. Remember the next time you put them down that ironically it's them you'll have to turn to for advice shoul d it happen to you. Your lawyer isn't likely to know a thing about computer crimes and it's the cases of the hackers who were arrested before you which, like it or not, will provide the legal precedents for your own conviction.
Netta "greyarea" Gilboa
Note: I did NOT write this! I attribute this to Agent Steal and Greyarea. I simply feel that it is important that it be re-read every now and then.
Pierce me with steel, rend me with claw and fang; as I die, a legend is born for another generation to follow.
An\' it harm none, do as ye will. - Wiccan Rede