Contents
About this project
Page 1
Page 2
Page 3
Page 4
Page 5
Page 6
Page 7
Page 8
Page 9
Page 10
Page 11
Postscript, March 1997
Postscript, January 2000

One day while out running errands, his electronic pager beeped. It was the friend, saying he was in Manhattan, and asking him to come and meet him.

"It sounded funny to me. I thought he was supposed to be locked up. When you're in trouble with the feds you're usually in trouble for awhile, and it had only been a few days. And then he's paging me, saying he's over in the city. That didnt make sense. So I called my apartment," he says.

Another friend, this one a girl, was at his apartment and answered the phone.

"I said 'hey it's me' and she said 'no he's not here'. I said 'no, no it's me it's me'...I didn't catch on at first. Then I hung up and realized what was going on. I called her back and told her to get all the papers and throw them out. She said 'Ok, I'll give him the message.' The Secret Service was already over there."

A Secret Service raid on his home was in progress. The agents confiscated his computer, disks, printouts, and anything that might be connected to hacking.

"I decided to disappear for awhile. I needed to get my thoughts together. I had my car with me and I ran to Florida. I was sleeping in my car, and when I got there I stayed with another member of the group," he said.

At first the Secret Service ordered his pager turned off. The pager company, Mobile Metromedia, had been running its paging and billing software on a Unix system suffering from an easily exploited security flaw, so Avirex had his pager and those of the other members of his circle connected for free, meaning the company had no records for any of the pagers.

"They cut my pager off, and the next day I cut it back on. Then they cut it off again, so I left it alone. Then they finally put it back on so they could tell me to call them and to come back in. They told me they were having a tough time convincing the company to turn off a pager they [the pager company] didn't even know about," he said.

After about a four months on the lam, Avirex decided to surrender, and did so at the offices of his lawyer, a public defender, in Manhattan. He was handcuffed and taken away in a car.

He realized that his lawyer did not fully understand the nature of the charges against him, nor did he understand the technology involved.

"We went to trial, and I just pled guilty. They said they were still downloading stuff from my computers to use as evidence, and that really got me scared. They offered me 36 months if I pled guilty. There was no way I was going to court, so I took it, and the judge dropped the sentence down to 24 months," he said.

He was sent to the correctional facility in Lewisburg, Penn., a minimum security facility reserved for white collar criminals. "It was interesting serving time there, but I wouldn't want to go back." Of the 11 members of the High Tech Hoods, four did time in prison, some only a few months; of the four, Avirex served the longest sentence.

"We all tried to be good hackers back then, but we fell off the ethics path."

He got out in December, 1994. Now more than two years later, he is back in the scene, and working under several assumed identities.

"I got back just through talking to friends that I missed so much while I was away. I had no choice but to get back into the scene. Since I started it was always something I ended up doing."

Today his current employer has no idea who he really is nor any idea that he has a criminal record. He simply created another identity for himself. It was not a hacker trick, just a series of paperwork tricks he learned about through his various readings. He has a fake birth certificate, a falsified social security number and is currently working on getting a fake drivers license.

Avirex said he has the ability to create and delete bank accounts for himself any time he needs a convenient place to store money temporarily. He said he has used information taken from discarded documents and manuals found in trash dumpsters belonging to both banks. This information in hand, he places phone calls to bank employees posing as an employee needing some kind of technical help relating a bank computer network. This is called social engineering, and Avirex has used it to acquire hundreds of passwords and access commands.

These abilities have come in handy. When he's not working at his legitimate job, he moonlights as a covert private investigator. He could easily become a PI, but his criminal record forbids it.

"I have a few PI's who use my services. I can get information that can't get sometimes. Stuff they can't usually afford to get through other means."

His most interesting case, he says, was one of corporate espionage. One Fortune 500 company wanted a list of a competitor's clients. Once again, he employed his skills in social engineering, this time in person.

"I got approached by a person who worked for them. They said everything had to be quiet, and asked if I could I do it. I said I would try. It took close to six months. First I tried going in for a job, but they wouldn't hire me. Then I ended up working for a cleaning company that cleaned their offices after-hours. So when I was supposed to be sweeping floors and vacuuming I was using their computers. They wanted to look at reports, customer lists, trade secret stuff. I never want to know why my clients need the information I get for them. But that's how I do my cases. It's simple enough to become another person. Everything is verifiable. I can give them phone numbers and answering services. School records can sometimes be iffy, but they're really not too much of a problem.

"I've worked for companies like Goldman-Sachs, just to gain information for myself. I got hired as a consultant, which gave me access to their computers. Then one morning I called them up and said I wanted to terminate the project. That's how it works most of the time... I get hired as a consultant."

His current project involves rebuilding the High Tech Hoods — now renamed High Tech Hackers — as a computer security firm.

"What we want to do is find some good hackers, maybe some of the guys from the 2600 meetings, and teach them the ropes. We'll keep them on the level, and let them do what they like to do, which is hacking, while they get paid for it," he said.

He is also bringing back the New York Hacker Exchange in the form of a site on the World Wide Web. At the March 2600 meeting he handed out copies of a disk with a sample of files that will be archived on the site.

"I cannot control someone if they use my information for destructive purposes," he said. "Ever since I got into the hacking scene so many hackers showed me things with no problem. They helped me learn and that's how I think the game should be played, so I will do the same. This information can be used by a computer security pro just as much as it could be used by a hacker."