Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

The letter from Carl Payne came in the spring of 1998. It was hand-written -no letterhead. I was suspicious. Being a columnist for The Boston Globe and the author of seven books, I get my share of communications from cranks, crazies and convicts. But Payne, I soon realized, was none of the above.

Payne wrote that he was the defendant in a criminal computer-hacking case. Back in December 1994, at the age of 28, he had helped start an Internet service provider in Utah that was eventually named Fibernet. But in the autumn of 1996 the board voted to oust Payne after he locked horns with the man who was poised to become Fibernet’s new president.

A week after Payne left Fibernet, someone had hacked into the company’s computers and ransacked their systems. Fibernet had immediately fingered Payne and persuaded the Utah County Attorney’s office to charge him with violating Section 76-6-703 of the Utah Criminal Code, “Computer Crimes,” a seconddegree felony. The prosecution had a pile of evidence, the case was going to trial, and he needed my help.

At first glance, Payne did indeed look like the likely culprit. Studies have shown that most computer crimes are perpetrated by disgruntled employees. Most computer-hacking cases that reach a courtroom pivot on some aspect of the law, such as whether the hack was illegal-and not on whether the suspect actually did it. I had never heard of a case in which the accused “hacker” maintained his innocence, especially in the
light of hard evidence. Yet that’s just what Payne was doing. Intrigued, I called him.

On the telephone Payne was talkative, friendly-and very worried. We agreed that he would send me all the evidence the County Attorney’s office had provided to his lawyer. I would assess its quality and write a report. If the case went to trial, and he still wanted me, I would come to Utah and testify. It would be my first stint as a paid expert witness.

A week passed and a thick packet arrived in my mailbox. It contained Payne’s account of the incident, the police report, depositions from all involved, and nearly 200 pages of computer printouts. After four hours spent poring over the documents, I emerged into the living room and told my wife: “Things don’t look good for Mr. Payne.”

Payne’s last day of work was October 30, 1996. On November 6, someone had logged into each of Fibernet’s main computers and started deleting files. Customer Web pages and e-mail were erased. Accounting information was wiped out. Then the attacker gained access to each of the company’s special-purpose communications computers, called routers, and deleted their programming. Ultimately, the company lost more than half its customers, laid off many employees, left its managers without salary, and nearly folded.

0 comments about this story. Start the discussion »

Tagged: Web

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me