FLAME WAR OVER HACKER'S STORY 


COMPETING BOOKS BATTLE TO REVEAL EXPLOITS OF KEVIN MITNICK 


By SIMSON L. GARFINKEL 
Special to the Mercury News 

On Christmas Day, 1994, a daring attacker did the unthinkable: He broke into the computer system of one of the nation's pre-eminent computer security experts, Tsutomu Shimomura. During the next few weeks, a ''battle of the hackers'' ensued that eventually captured the nation's attention and gave Shimomura and his nemesis Kevin Mitnick their 15 minutes of fame.

That fight has turned into a battle between two journalists. This time the weapon isn't cellular phones and laptop computers: It's two books, being published on the same day, Jan. 22, by competing publishers. Not coincidentally, the publication date is the one-year anniversary of the now infamous break-in.

Depending on which book you believe, Mitnick, now in a Los Angeles detention center, is either a cunning computer sleuth who wanted to discredit Shimomura or a simple prankster whose antics were vastly overhyped by Shimomura and a well-known New York Times reporter who co-wrote one of the books.

The writing of the two books, plus a third about two months away from release, about a single computer break-in -- and the ensuing chase -- shows the fascination Americans have with ''techno-thieves.'' From ''War Games'' to ''The Net'' to ''Sneakers,'' Hollywood has mythologized about the power of computers. Finally, with the exploits of Mitnick and Shimomura, there is a real-life case.

PURSUER'S FIRST-HAND ACCOUNT OF THE CHASE  

In ''Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw -- by the Man Who Did it,'' Shimomura gives his first-hand account of the techniques he used, including a series of late-night vigils at The Well and Netcom On-Line Communications Services Inc., two major Bay Area Internet providers.

As a bonus, Shimomura gives an inside look at the fast-computer, fast-car, good-food life of Silicon Valley's digerati, and tells how he swept away Julia Menapace, the seven-year live-in girlfriend of computer celebrity John Gilmore of San Francisco.

Shimomura's co-author is reporter John Markoff, who first brought Shimomura's name to public attention with a front-page story of the break-in in the Jan. 23, 1995, New York Times. (The Mercury News published a staff-produced article the same day.)

Shimomura kept Markoff, his friend and ski buddy, closely apprised of the chase, then invited him along to North Carolina for the final pursuit and capture. Markoff was even present in a truck while Shimomura and engineers from Sprint Cellular listened to Mitnick on his cellular phone. Some of those calls are faithfully reported in their book.

COMPETING BOOK FOCUSES ON THE HACKER MYSTIQUE  

The second account of Mitnick's life on the run and subsequent capture is ''The Fugitive Game: Online With Kevin Mitnick,'' by Jonathan Littman, a Mill Valley author and journalist.

By sheer coincidence, Littman had been speaking by telephone with Mitnick for nearly a year before Mitnick's arrest. Mitnick by that time had already gained fame for some of his previous hacker exploits and was featured prominently in another book co-authored by Markoff, ''Cyberpunk.''

Littman takes the reader into the twisted world of the hacker underground, in which thrills are achieved by breaking into what had been considered ''unbreakable'' computer systems. The book details Mitnick's life on the run, his famed skill at social engineering (surreptitiously persuading people to reveal their computer passwords or other sensitive information) and reveals never-before-published details of Mitnick's life.

Littman also deconstructs the Mitnick myth, showing how it was largely a media creation -- mostly, he says, a result of Markoff's reporting. Indeed, the last 100 pages of ''The Fugitive Game'' are an outright attack on Markoff and his ethics, and, to a lesser extent, the investigative methods Shimomura used.

Now Littman, Markoff and Shimomura are engaged in an ugly battle, each saying that the other's book distorts the truth about what happened. With the larger advance, a bigger initial print run, the prestige of the New York Times and the ''victim'' as co-author, ''Takedown'' clearly has the advantage.

EAVESDROPPERS IN A VAN LISTEN TO CONVERSATIONS  

Takedown's attention-grabbing opening scene features Shimomura, Markoff and a Sprint Cellular engineer sitting in a van with listening equipment, attempting to find the elusive Mitnick by tracing signals from his cellular telephone. The three listen to several conversations. Nearly 300 pages later, when the scene is repeated, Shimomura quotes Markoff saying, ''I recognize that voice! That's Eric Corley!''

Corley, better known as Emmanuel Goldstein, is the editor of the hacker magazine 2600, which refers to the 2600 megahertz frequency used by John Draper, the infamous ''Captain Crunch,'' to obtain free telephone service in the 1970s.) Corley, a friend of Mitnick, said in an interview that he is upset that Markoff and Shimomura listened in on his conversation -- and angry that the conversation itself is repeated in their book. 

''I feel that they violated my privacy,'' said Corley, who thinks privacy should be protected by fool-proof technology instead of laws. ''It was pretty obvious that they were listening in on people to find out more about someone they were tracking.''

Corley is particularly peeved because neither Shimomura nor Markoff are law enforcement officers and because there is a question about whether Markoff had clearly identified himself as a reporter. The only way the pair should have been given access to the communications is if they were acting as agents of Sprint Cellular or of the federal government, said Lance Rose, an attorney who specializes in computer law and wrote the book ''NetLaw.''

Littman suggests that is exactly what the technicians for Sprint Cellular believed. They thought Markoff was working with Shimomura, assisting the government in its pursuit of Mitnick. Markoff says Sprint's technicians knew that he was a reporter.

''I was in the truck as a New York Times reporter, and I had identified myself as such,'' he said.

But that's not the story Sprint tells, says Sal Cinquegrani, a Sprint Cellular spokesman.

''I did speak with one of the technicians and the technician's supervisor,'' Cinquegrani said. ''We did receive the court order. We were told we were to meet a computer expert. That turned out to be Shimomura. Later some of the local FBI agents met (Sprint's technicians at) the mobile switching center. Subsequent to that is when Mr. Markoff appeared on the scene. Because there was a lot of interaction between Shimomura and Markoff and others, the assumption was that they all knew each other and worked together. Afterward, we learned that he was a reporter. We learned it at the same time that the agents did. The agents requested that Mr. Markoff leave because they were getting into some sensitive areas of the investigation and Mr. Markoff did in fact leave.''

Shimomura refused to answer questions for this article and instead referred them to Markoff. Markoff responded: ''The phone call was a fraudulent call being made with a stolen cellular phone number. As such, it wasn't protected.''

John Kent Walker Jr., former assistant U.S. attorney who worked on the case, backs up Markoff.

''To the best of my knowledge, John Markoff did not do anything illegal,'' he said. ''His role in the investigation was as a source of information about Kevin Mitnick.''

ATTACKER BREAKS IN TO LITTMAN'S WELL ACCOUNT  

Corley isn't the only person who feels that his privacy has been violated. Another person is Littman.

While Shimomura was tracking down Mitnick, he set up software to spy on the attacker's movements within computers owned by The Well and Netcom. During one of the break-ins, Shimomura saw the attacker break into Littman's account on the Well and send a piece of e-mail from Littman to himself.

Although the message is discussed in ''Takedown,'' its contents are not. Nevertheless, Littman says that his privacy has been violated. He is further angered that Markoff -- a competing journalist working on the same story -- had access to his personal communications with a source.

Shimomura and Markoff have since refused to participate in any radio or television interviews with Littman.

The shrillness of the debate is played out in the books, with each side interpreting vague references posted on the Internet to suit their own agendas. Markoff and Shimomura want to buttress their contention that Mitnick is ''after'' Shimomura, while Littman believes the Internet postings prove it was much ado about nothing -- and that the attack never belonged on the front page of papers like the New York Times or the Mercury News.

''If you are to take a break-in to someone's home computer, which as we know happens hundreds of times of every day, and turn it into a front-page New York Times story, you have to somehow elevate that ordinary mundane event into something exceptional,'' Littman said. ''It was only possible to do that by exaggerating the level of security, both on the Internet and on Mr. Shimomura's machines.''

Other security professionals agree that Shimomura's machine was not as well protected as it could have been.

''It's kind of ironic that somebody who knows as much about security as Tsutomu'' was not using a well-known computer software program, known as Kerberos, on his computer, said Michael Tiemann, president of Cygnus Support, a Mountain View-based company that provides support for security software.

Instead, Shimomura focused his energies on creating a system that would detect and monitor break-ins. Tiemann conjectured that Shimomura may have purposely made it possible for people to break into his computer so that he could test these monitoring systems.

''It's almost as if he would prefer to detect an intruder than to completely eliminate the possibility of an intruder, he said. ''I don't mean that as a slam against Tsutomu . . . he might be the kind of person who would like to see how deeply people can get in, rather than just make it impossible.''

Markoff, speaking for Shimomura, said, ''I think that's a slight distortion of Tsutomu's philosophy. Tsutomu did have monitoring software in place. I don't believe he was baiting anybody.

''I find that an example of blaming the victim,'' he said. ''It's true that Tsutomu may not have had the world's most secure system. That's like saying because I live in a house with glass windows, I'm to blame if somebody throws a rock.''

CRITICS CALL LITTMAN BOOK PART OF A VENDETTA  

Critics of Littman's book -- many of whom are friends with Markoff and Shimomura -- say the book is inaccurate and that Littman violated confidences in reporting it. Markoff takes things further, saying that Littman is on a vendetta.

''It's a very vicious attack on me,'' he said. ''The second 200 pages are an effort to assert that this whole thing was a conspiracy by Tsutomu and I. It gets real weird at the end -- (claiming that we are) financed by the NSA (National Security Association) to capture a computer criminal. I think that if you know my reporting, I'm the last person who would be an NSA agent.''

Markoff said that an issue that has particularly troubled him is that Littman had intimate knowledge of several ''attacks'' by Mitnick against The Well, yet he never notified The Well's management.

''For me, the bigger ethical issue is that he (Littman) knew that Mitnick was rooting around on The Well for a long time and did nothing about it,'' Markoff said. ''Although he claims he notified The Well, they have no record of it.''

Unlike ''Takedown,'' which is a first-person account, Littman's book attempts to reconstruct conversations and events that took place when Littman himself was not present. Lile Elam, a minor character in ''Takedown'' and a friend of Shimomura's and Markoff's, said Littman persuaded people to speak in confidence with him, then printed what they said.

''Littman's book is so filled with mistruths and misquotes,'' Elam said. ''The reason that people involved with (''Takedown'') aren't talking much is that it only gives people a feeling that Littman's book has more validity than it does.

''I would never talk with Littman again,'' she said. 

Meanwhile, there are increasing questions about what exactly Mitnick did and did not do. Although Mitnick may have broken into computers at The Well and Netcom, he may not have been the person who broke into Shimomura's computer, which started the well-publicized chase. Shimomura received several voice-mail threats around the time of the Christmas Day attack. And he received another message a few days after Mitnick was arrested, Littman asserts.

Furthermore, Markoff and Shimomura did not suspect Mitnick, but instead a group of computer hackers in Philadelphia called The Posse.

These people ''have relatively sophisticated computer security skills and are pretty malicious,'' Markoff said.

Mitnick, who could not be reached for comment, has steadfastly denied that he broke into Shimomura's computer. The one charge he has pleaded guilty to in North Carolina is illegal possession of 15 telephone access codes. He faces further federal fraud charges from North Carolina, as well as probation violation charges in California. 

Mitnick's next court appearance will be Jan. 29.


MERCURY CENTER ID: me13579h


Transmitted:  96-01-14 18:20:56 EST