Smith - Breaking and entering: the extraordinary story of a hacker called

Copyright 2019 by Jeremy N. Smith

All rights reserved

For information about permission to reproduce selections from this book, write to or to Permissions, Houghton Mifflin Harcourt Publishing Company, 3 Park Avenue, 19th Floor, New York, New York 10016.

hmhbooks.com

Library of Congress Cataloging-in-Publication Data

Names: Smith, Jeremy N., author.

Title: Breaking and entering : the extraordinary story of a hacker called Alien / Jeremy N. Smith.

Description: Boston : Houghton Mifflin Harcourt, 2019. | An Eamon Dolan Book.

Identifiers: LCCN 2018024873 (print) | LCCN 2018035206 (ebook) | ISBN 9780544911222 (ebook) | ISBN 9780544903210 | ISBN 97805449032109 (hardcover)

Subjects: LCSH: Alien (Hacker) | HackersUnited StatesBiography. | Computer securityUnited States. | Computer crimesUnited States. | LCGFT: Biographies.

Classification: LCC HV6772.A5 (ebook) | LCC HV6772.A5 S55 2019 (print) |

DDC 005.8092 [B] dc23

LC record available at https://lccn.loc.gov/2018024873

Cover design by Albert Tang

Cover photograph Shutterstock

Author photograph Sepp Jannotta

v1.1218

Song to the Earl of the River from The Pocket Tao Reader by Eva Wong, 1999 by Eva Wong. Reprinted by arrangement with The Permissions Company, Inc., on behalf of Shambhala Publications Inc., Boulder, Colorado, www.shambhala.com.

To my guides on this journey,
who led me to new worlds

&

To Carl Smith and Crissie McMullan,
who helped me get home

Things are not always as they appear. This is true of locks, doors, walls, and people.

Keshlam the Seer, Hacking Tips

Names and other identifying characteristics have been altered to protect peoples privacy. For the same reason, in a limited number of instances I have changed dates or combined individuals.

Tall and tan and young and lovely...

Its Saturday night at Ballys Las Vegas and I follow a woman in black leatherjacket, skirt, bootsdown the center of the casino floor. Her hairalso blackis twisted atop her head and held in place with chopsticks. She has on red lipstick and knee-high red polka-dot socks. A portable speaker clipped to her purse plays The Girl from Ipanema.

The womanthirty-three years old? thirty-four?passes tables for blackjack, three-card poker, and craps. Players turn from their chips to the source of the music. Several smile, entreating her to join them, but she continues through a thicket of ringing, whirring slot machines, emerging again in front of the casino elevators.

Theres a long line here, perhaps two hundred people, stretching to the end of the hallway and around a corner. Almost everyone is trying to get to the pool party a floor below or to the dozen other parties in Ballys Skyview rooms twenty-five floors above. Making sure no one cuts are two huge bouncers with crossed arms and dark red badges that say GOON .

The woman does not join the line. She smiles at the bouncers. The bouncers do not smile at her. They do recognize her, however.

The woman is a hacker. The bouncers are also hackers. And so are the two hundred people in line, and the several thousand already partying above or below.

In fact, there are close to twenty thousand hackers in Vegas this weekend.

Access approved, the bouncers say to the woman. They partspecial treatmentand the woman passes between them: first in line.

The next elevator is hers alone.

Or ours. Im with her, I tell the bouncers, and squeeze through before they can stop me.

A door opens and the woman and I step in together. This is crazy, I say. Is it always this crowded?

The woman rolls her eyes, seemingly put off that of all the questions I could ask right now, I choose this one.

As it turns out, for the next year my life will largely become a series of such strange questions and the even stranger answers she provides.

Of all the ways I might have expected to start hanging out with a hacker, perhaps the last was an impromptu playdate for my daughter.

Alien recognized me first. We had met briefly, fifteen years earlier, when I was a senior at Harvard and she was a sophomore at MIT. By chance, we ran into each other again one fall afternoon. Each of us was out with our preschool-age daughter. Amazinggreat to see you again! And the girls liked each other. Can weplay together? they asked. Please?

We agreed. Our daughters cheeredand then ran off to a set of swings. We chatted casually for a few minutes. Then I asked Aliennot that this was the name I knew her bywhat she was working on these days.

Well... , she said. Tomorrow morning, I have to break into a bank.

My old acquaintance, I learned, was a professional hackeror, as she put it to corporate clients, a penetration tester and digital forensics specialist. When institutions or individuals needed to test their security, either physical or virtual, she and her team were guns for hire. And if youd already been breached, theyd identify what had been stolen, how, and by whomplus recover any lost information and try to ensure that the problem wouldnt happen again.

Even with frequent media coverage, hacking is actually dramatically underreported, Alien told me. Only a small fraction of discovered hacks are disclosed to the public. And most hacks are never discovered in the first place.

She knew because, time and again, she or her close associates had either done the hacking or cleaned up after someone else had.

I liked talking to Alien and she liked talking to me. Further conversations (and playdates) led to increasingly revealing accounts, including, at my request, stories about her personal and professional experiences with hospitals and law firms, airlines and art museums, police departments and the Pentagon. She also talked about finding community, fighting assholes, falling in love, and forming a mature adult life within the larger hacker worldtopics completely missing in most accounts of hacker culture.

Some hackers have a well-deserved reputation for bragging, exaggeration, obfuscation, and outright lies. Alien, however, seemed modest by natureearnest, soft-spoken, and reserved. (I had yet to encounter her as the leather-clad woman who parted the Red Sea of bouncers in Vegas.) Before becoming a writer, Id logged time as a computer programmer, and I had enough early hacking experiences of my own to follow the outlines of her radically more sophisticatedand perilousexploits. Every detail I could verify checked out.

One Sunday afternoon, when I was in town again where she lived, I asked Alien if I could meet her at her office. Pretend Im a potential client, I said. Give me the big picture.

Alien agreed. Heres what you probably know, she told me from across a conference table. Hackers can break into your computer and cell phones, your company network or the network of anyone you do business with. They can read your email and texts, steal your business plans and credit card numbers, or take over your online identity in order to hack someone else.

I nodded, shifted uncomfortably in my seat, and turned off my phone.

Heres what you probably dont know, she continued. Only about thirty percent of hacks target a specific individual or institution. Some seventy percent are opportunistichackers trying to break into anything they can, and pursuing opportunities behind any open door. If your information is valuable to you, its valuable to someone else. No one is too boring to be hacked, and everything has a price on the hacker black market.