Uncovering the Mystery of Shadowhawk
Cook, William J., Security Management
On January 23, 1989, Judge Paul Plunkett of the US District Court for the Northern District of Illinois found an 18-year-old computer hacker guilty of committing five acts of juvenile delinquency, as charged in a federal information under 18 USC 5032, for violations of the Computer Fraud and Abuse Act of 1986, 18 USC 1030(a)(6) and 1030(a)(4). The hacker was acquitted on one count of destroying computer data under 18 USC 1030(a)(5).
On February 14, 1989, the hacker was sentenced to nine months in prison, to be followed by two and a half years' probation, and was ordered to pay restitution totaling $10,000. On February 28, 1989, he started serving his prison term in a prison in South Dakota. If the hacker had been 18 when he committed these crimes, he would have faced a possible 13-year prison sentence and fines totaling $800,000.
Facts developed during a one-week trial established that between July and September 1987, the hacker, under the code name Shadowhawk, used a modem on his home computer to gain unauthorized remote access to AT&T computers in Illinois, New Jersey, North Carolina, and Georgia and stole copies of copyrighted AT&T source code worth over $1,120,000.
The lifeblood of AT&T's effort to maintain its competitive position in the international telecommunications industry is its R&D community, known generally as Bell Labs. Bell Labs is made up of 27 different R&D laboratories in nine states and employs 28,000 people.
Bell Labs' budget of nearly $3 billion per year reflects AT&T's commitment to basic and applied research in artificial intelligence; computer hardware and software development; data acquisition through telemetry; energy extraction, conversion, and combustion; information systems planning, design, and development; manufacturing systems; material process control; microelectronics; military systems; photonics; robotics; surface technology; switching and transmission systems and component engineering; and systems testing and evaluation.
The scientists and engineers at Bell Labs benefit from significant input from other lab members at the various Bell Lab sites in developing their research. To meet this need, electronic mail and files on projects are exchanged daily on AT&T's extensive internal computer network. Major hubs in this national computer communication network are referred to as "gateway" computers.
AT&T is protective about its R&D efforts. Its guidelines for safeguarding proprietary information are clear and state in part:
It is the policy of AT&T to protect proprietary information assets and to share them with others only when it is in the interest of AT&T to do so and where such disclosure is not otherwise legally prohibited.
Proprietary information of AT&T is only made available to authorized employees of AT&T on a need-to-know basis and in compliance with applicable laws and regulations.
AT&T and Bell Labs are popular hacker targets because of the highly sophisticated computer software engineering at their locations. In 1986 and 1987, vulnerabilities in the security of AT&T's Unix-based computer network were discovered by computer hackers and published on computer bulletin boards, known as hacker bulletin boards or pirate bulletin boards. As a result, in early 1987, AT&T was hit with an unusually high number of successful remote access computer break-ins from the hacker community.
Prompt action by AT&T corporate security and California state authorities in the spring of 1987 closed down a group of southern California youths responsible for a large percentage of the attacks. By June 1987 the principal remaining hacker attacking AT&T computers was identified as "Shadowhawk."
Periodic monitoring of pirate bulletin boards in Texas and Chicago by Hank Kluepfel and others with AT&T corporate security first led to the discovery of the Shadowhawk attacks against Bell Labs in mid-1987. …