By Ray Stern
By New Times
By Amy Silverman
By Stephen Lemons
By Stephen Lemons
By Monica Alonzo
By Chris Parker
By New Times
Although Jackiewicz says he stopped hacking as soon as he took his first security job, he still operates Unphamiliar Territories (www.upt.org), one of the most revered hacker bulletin boards on the Internet. Jackiewicz prefers to call UPT a "computer security Web site" now. It's all semantics, really, since there's so much overlap between the technology of hacking and defending against hacking. For example, a network scanner program originally designed by a security expert to analyze a network and expose weaknesses--sort of an automated Tiger Team--is useful to hackers for obvious reasons. Likewise, ISP administrators can use a password guesser program written for hackers to find out which of their clients have stupid passwords and give them a wake-up call.
UPT boasts an extensive library of hacking/security programs, from classic to cutting-edge, which are free to download. It also carries a summary of the latest security bulletins--holes in certain systems discovered by hackers, patches to those holes quickly written by white-hats. Jackiewicz says that, as a chief of security, overseeing the site is an invaluable asset. "It's a constant seesaw between security holes and patches," he says. "You have to keep up on the latest, because the hackers do."
Another feature of UPT is a public access account titled "Hack UPT." It's an open challenge set up by Jackiewicz and his former partner in crime, Merc. The account lets you onto the network server--UPT nerve center--housed in Jackiewicz's bedroom. The challenge is to get root access once you're in. So far, no one's succeeded. If he had, he would have talked smack about it far and wide, because going up against Merc is going up against a top gun.
Merc's handle is short for Mercury, messenger of the Roman gods. A fashion maven might charitably describe Merc's look as "rumpled." During one recent dinner, he spilled food on his shirt, looked at it, and just left it there. But Jackiewicz and other former NSA hackers say what Merc lacks in social graces, he makes up for doubly in computer skills. As they say on late-night Kung-Fu Theater, his technique is strong. "Merc's a god hacker," says MindRape, an NSA hacker who got busted in 1992. "He's so freaking good." Thackeray is more reserved with her assessment. "There's basically two kinds of hackers. The ones who are looking to get something from it, and the ones who just have to take everything apart, to examine everything and learn what it does and mess with it. There's no profit motive there, no benefit other than bragging rights and knowledge. Merc is in that category." Thackeray also allows that, as a programmer, "he's certainly several leagues above most of the people we deal with."
Admittedly paranoid, Merc wouldn't let his voice be recorded, and agreed to an on-line interview for this article on the condition that New Times not use his legal name, even though it's attached to his "handle" in numerous public-record court documents.
The last NSA hacker to get popped, Merc was raided in 1994. When he heard the early-morning pounding on his door and looked out the window to see federal agents with drawn guns, Merc says, his first thought was, "Well, I guess this is the day." Thackeray says that compiling a list of all the hacks they had Merc nailed for took reports from the Secret Service, Air Force intelligence, the IRS, and state and local police. "Given what we had on him, the best he was looking at was probation with some jail time. The worst was prison." Instead, the government made what Thackeray calls "an unusually favorable offer": If he agreed to explain some of his methods to the Secret Service and Air Force OSI (office of special investigations), the government would let him plead out to one charge--breaking into a Salt River Project computer--with a guarantee of probation; no fine, and no time.
Merc took the deal, but it has yet to be finalized before a judge. He's due to be arraigned June 17, at which time he'll receive a new court-appointed attorney, who will review the deal and, presumably, accept it in short order. Until then, he still has charges pending. If the government decides he hasn't been a good boy, it could yank the deal at the last minute. Merc says he hasn't done any illegal hacking since his bust. But other hackers say he's been wreaking havoc on SPAM (junk e-mail) marketers across the country. Also, when Merc applied for his current job, local hackers say, the systems administrator at Genuity reportedly laid down a challenge: "If you're such a god hacker," he told Merc, "then do this: I've got a private Internet account on an ISP in Cincinnati. That's all I'm going to tell you. I want you to find the ISP, get into my account and leave me a message that proves you were there."
The story goes that when the Genuity administrator checked his Cincinnati account the next morning, not only was there a message from Merc, but it contained several of Genuity's most critical system passwords, which Merc had somehow pried out of the Phoenix ISP.