| The Hackers Who Won't Quit By Roberto Suro |
Washington Post Staff Writer
Wednesday, September 1, 1999; Page A1 Most mischievous teenagers would be intimidated if FBI agents showed up armed with a search warrant, asked a lot of hard questions and then seized all the computer equipment in sight. But Chad Davis just got angry, federal officials said.
Less than four weeks after the FBI searched the apartment where Davis, 19, lives alone in Green Bay, Wis., he defiantly hacked into an Army computer at the Pentagon, according to a federal complaint filed against him when he was arrested Monday.
During the June 2 search, Davis admitted that he belonged to a notorious hacking gang that calls itself Global Hell, and the FBI agents let him know they were cracking down on the group. On June 28, Davis allegedly struck back: He replaced the Army's Internet home page with the message: "Global Hell is alive. Global Hell will not die."
Court papers depict Davis as one of the founders and leaders of the gang, which allegedly has made repeated intrusions into computer systems at the White House, the FBI and numerous other government offices. In addition, he allegedly assisted in the hacking of 17 corporate and private Web sites, and may have helped himself to two years' worth of free access to the Internet through a local provider in Green Bay.
Davis is the only person yet arrested in a nationwide investigation of Global Hell that has been underway for several months and has turned up more than a dozen other suspects. Although investigators suggest that more arrests may be coming, his apprehension shows the difficulty of tracking down computer criminals – even those, like Davis, who are relatively brazen and unskilled, according to federal law enforcement officials and computer security experts.
"It is not that these are super whiz kids; it is the technology that gives them the ability to cover their tracks enough that you can have a hard time making a criminal case against them," said a senior federal investigator.
In the case of Global Hell, the hackers made a point of calling attention to themselves.
"They are into bragging rights," said Drew Williams, a specialist on computer intrusions with Axent Technologies Inc., an information security company based in Rockville. "They are vandals who are into it for the sense of chaos."
On May 9, Global Hell went right to the top and defaced the White House Web site with off-color messages. Within weeks, the FBI launched raids in at least 11 cities that involved searches and questioning of suspected members of Global Hell, but no arrests. Several of the individuals targeted were minors, investigators noted.
As the raids were still unfolding, Global Hell retaliated with an unprecedented attack against the FBI Web site, flooding it with thousands of simultaneous "hits," or requests for access, on the night of May 26. The FBI was forced to shut down the site rather than risk damage to the computer server. Over the next week, members of Global Hell also attacked Web sites maintained by the Interior Department, the Senate and even the state of Virginia.
In the meantime, however, FBI agents found two members of the group who were willing to talk, according to court documents filed in Davis's arrest. The investigators learned that they were looking for a hacker who went by the cyber-nickname "Mindphasr," who had helped to found Global Hell, and who coordinated many of its intrusions. Then they learned that Mindphasr lived in Green Bay. And finally, by searching computer records, they got the address of Davis's apartment.
On June 2 FBI agents arrived at the apartment, search warrant in hand. Davis admitted that he was a member of Global Hell and even that he had hacked into a number of nongovernment Web sites, according to an affidavit filed by David E. Black, a special agent with the U.S. Army's Criminal Investigative Command. However, Davis said he had not done any hacking since February.
On the night of June 27-28, someone used Davis's telephone line for four hours, working the Internet almost until dawn, according to Black. About 2:14 a.m. an intruder gained access to the computer server housing the Army's Web site, and the home page was replaced with the defiant message from Global Hell. As a result, no one could use any of the normal links that allow access both to public information as well as to nonpublic Army sites available only to registered users with passwords.
The hacker then cleverly turned off auditing services that would have recorded the incident, and he altered log files to disguise the intrusion. But the hacker did not know there was a backup monitoring system that logged the intrusion as coming from an Internet service provider in Green Bay. The provider's logs and telephone records provide the evidentiary link to Davis, according to Black's affidavit.
"The Global Hell types may have shown a skill for self-promotion, but not the kind of sophistication that you see in truly dangerous computer criminals of the sort who penetrate systems to steal proprietary information," said David Remnitz, chief executive of IFsec, a information security firm in New York.
But, in charging Davis with multiple offenses that could produce a lengthy prison sentence, prosecutors were not taking anything lightly. "Interference with government computer systems [is] not just electronic vandalism. They run the risk of compromising critical information infrastructure systems," U.S. Attorney Thomas P. Schneider said of the hackers.