Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Friday morning I woke up in my hotel room at 5 a.m. I had a hunch about the elusive last number. I needed to check the documentation for the version of UNIX that Fibernet had been using. I didn’t have the manual with me, but I booted up my laptop and found it on the Internet; it explained that the number was used to warn people when it was time to change their passwords-it indicated the number of days between January 1, 1970, and the last time the password was changed.

I felt stupid. Here was possibly the most important piece of evidence in the entire trial, and I had not even realized it until the morning I was supposed to testify! Encoded in the record of each account’s password was the date the password had last been changed-by decoding the number, I could establish precisely when the “back door” was created. In the hours before the trial, I wrote a small program to translate the numbers.

What my homemade program showed me clinched the case. The back door had been installed on October 31st, the day after Payne’s last day of work-and after his access to the Fibernet system had already been cut off. Payne couldn’t have created it. What’s more, another account’s password change dated to more than two weeks after the attack, a detail that would be impossible if the printout was really the same one Son had made that day. This showed irrefutably that the chain of evidence had been broken.

At 10 a.m. I took the stand. I described my credentials, the proper handling of security incidents, the paucity of evidence, and the telltale indications that the printouts had been altered. Finally, I testified about what I had learned that morning. From that point, everything moved quickly. Payne and his wife testified, the attorneys gave closing arguments, and the jury began deliberations around dinnertime. In the late evening, they came back with the only verdict I thought they could reasonably reach: not guilty on all counts.

Today, Carl Payne oversees a large computer network in California. Fibernet, meanwhile, is thriving. In the course of the trial I came to believe in Payne’s innocence, but never felt that I had learned the real story. In closing arguments, the defense suggested a few possibilities: Somebody at Fibernet could have carried out the attack. An employee whom Payne fired in July of 1996 might have done it. Or perhaps the
crime was committed by some unknown hacker on the Internet, an unfortunate coincidence with Payne’s dismissal.

Fibernet, for its part, declined to comment for this article.

There’s really no way to know what happened, because the Utah police did not do a meaningful investigation. They simply asked the victim, “Who did it?” and Fibernet answered: “Carl Payne.”The company then provided all of the evidence used in the prosecution. The police never
would have followed such haphazard procedures in the wake of a physical breakin-they would have done their own detective work, carefully collecting and preserving the evidence. As more and more crimes occur in the neighborhood we call “cyberspace,” police need better tools and training. Without it, we risk bungled investigations and the very real possibility that innocent people will be found guilty for the hacks of others.

 

0 comments about this story. Start the discussion »

Tagged: Web

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me