Spooked in a game of cat and mouse between a hacker and the Feds

'There'd be an agonising lull while we waited for the hacker to strike'

Chris Gulker
Monday 25 September 2000 00:00 BST

"It's Agent Sayers from the FBI. We understand that you've been hacked. We contacted you previously about this matter. Please return this message at your earliest convenience?"

Well, that voicemail got my attention. The Feds were on to "bonez". And me.

Last March, I wrote about the experience of being hacked. Your correspondent, still a Linux newbie after months of effort, discovered that his home-built Red Hat Linux machine had been commandeered and turned into an IRC chatbot by someone named "bonez".

To put it plainly, "bonez" nailed me. And it took me two days to notice. My friend Mark Anderson, a Unix guru, told me how to proceed. "Format your hard drive to get rid of him. He just uses you to bounce an IRC connection. You don't have enough bandwidth or disk to be attractive to steal, and you aren't famous enough to be defaced."

Great.

I hadn't responded to the FBI's first call. I'd like you all to think that I'm a courageous Netizen standing up for all our rights. A guy with backbone, cojones and chutzpah. A fellow who will not just bow to the machinery of the US government, when a higher moral purpose is at stake.

That, and the fact that the first message was a bit cryptic. It just said, "We think you've been hacked - please call us." I thought it was phone-spam from a virus software company.

The second message, especially the part about the FBI, got my full attention. The Feds! I don't know how one of Her Majesty's subjects would respond, but I dropped a dime. And got the FBI agent's voicemail...

Now, I figured I'd call the FBI, and some husky voice would say "Yes?", followed by silence, followed by the agent saying: "I'm listening." Instead I got: "Hi, this is Agent Sayers. I'm either on the phone or away from my desk. Please leave a message."

Sheesh.

So I left a message. Agent Sayers called back while I was on a plane to Chicago. It took me two days to figure out the different prompts on my mobile phone service's Chicago affiliated system. By then it was Sunday, so I left a message. Agent Sayers returned the call while I was in a meeting.

Stuck in phone tag with the FBI. This wasn't at all how I thought this would play out.

I figured it would be like a passage from books like Takedown by Tsutomu Shimomura and John Markoff, or The Fugitive Game by Jonathan Littman. There'd be clandestine meetings at giant network facilities, computer scientists and forensic experts sitting around glowing screens hastily assembled on folding tables.

There'd be computer experts writing sniffer scripts and checking server logs. We'd all dash off suddenly in an unmarked van loaded with radio direction finders and more computers. There'd be an agonising lull while we waited for the hacker to strike again, unknowing that his or her every move was being watched. Every hack attempt, every packet sent would point closer and closer to the hacker's lair. Would it be a basement in Brooklyn? An attic in Albuquerque?

Or would it be voicemail hell?

Finally, my mobile phone rang. I was on the Dumbarton Bridge, right at the top, overlooking the San Francisco Bay. Silicon Valley stretched out in front of me. It was Agent Sayers.

"Well, you've certainly been busy," she said. "Glad I finally got hold of you."

I remained noncommittal. I didn't want info being dragged out of me. I've seen lots of cop-and-robber shows. I know all about that good cop, bad cop thing. I was going to play this one real cool.

"Are you aware you were hacked?" she asked. Considering that I'd kept that secret from all but about half a million Independent readers, and that the column had been posted on The Independent's website as well as on my own, I guess I had to confess.

"Yes," I said. "How did you find out?"

"We can't tell you that," she said. "Can you give me an estimate of your damages?"

My damages. Hmmm. It had taken me 30 minutes to reformat the hard drive and reinstall Red Hat Linux. Good programmers in the Valley can command $300 an hour. Great computer scientists here can command fees as high as $35,000 a day.

"Uh, oh, I'm not sure," I wimped. "It took me a couple hours." Most of that was the time I had spent writing the column about it.

"Surely your time is valuable, worth something," prompted Agent Sayers.

Quick flash. It's a tense courtroom scene. The government's case has come down to my claim that my time was worth thousands of dollars. The hacker, a 12-year-old, sits in the dock, looking at me with an innocent face.

The hacker's New York attorney, his fees paid by the Electronic Freedom Foundation, is bearing down:

"Surely you must be kidding that your time is worth all this money, Mr Gulker. Didn't you just reformat your drive? Didn't you have to do that dozens of times anyway, when you made mistakes or misconfigured your Linux system?"

I folded. "Uh, look, Agent Sayers. This was really just a hobby machine, and I've had to reformat the hard drive lots of times just to fix my own mistakes."

"Oh, I see," she said. "Thank you for your time."

The phone clicked dead.

cg@gulker.com
