Found this while poking around. Seems someone representing their self as one of the DEC employees that ran 8BBS dropped a short message about it on everything2 back in 2006.
Refuses to play the video "due to the privacy settings". Direct Vimeo link says the same. First time seeing Vimeo breaking like this. That's in Firefox.
Edit - the exact message is "Because of its privacy settings, this video cannot be played here." I'm guessing it's geo-locked.
My first job out of school was at a dot-com in Vegas in the year 2000 initially as the network administrator. Susan was the Director of Marketing. My first interaction with her was typical assisting someone with some issue or another, but I noticed her book shelf was full of very technical books, and it turned out she was a Microsoft Certified Solutions Expert and I was just a simple MCP (I was new to Windows NT, my background was in Netware). I was about 22 and she was about 40, and it was very intimidating at the time, especially after I learned she was Susan Thunder.
While the company was downsizing (dot-com bust) the CTO told me to batten down the hatches while Susan was being laid off. I told him that I'm fairly confident she knows more about NT than I do and that I didn't think I could do enough to secure things, so we more or less shut things down for the night.
I sort of remember the whole company being scared of her in general. I don't know why though, she was always very nice to me and seemed pleasant in general. It was an overreaction to shut down the network that night, Susan never attempted revenge. In hindsight, she was probably an adult that understood that companies fail and it wasn't personal.
> One day she asks me, “You know why nobody knows who I am?”
> No, I say, thinking back to a year previous — before the plague, before our phone calls, before I finally found Susan, when her name still meant nothing to me.
> “Because I never got caught,” she says. “All the best hackers, all the best phreakers in the world, we don’t know who they are because they never got arrested. And they never went to prison. This is why you don’t know who the best ones in the world are. This is the truth. Think about it.”
And it's that kind of arrogance and survivorship bias that gets you thinking you're better than you are. She was lucky she was not caught, or the others were unlucky they did get caught. The people around her that she considered as her fellow peers got caught after all.
> I went looking for the great lost female hacker of the 1980s. I should have known that she didn’t want to be found.
But then she _WAS_ found for the purpose of writing this article. So if not getting caught is the measure of being a good hacker... And she'll be incredibly easy to track down now.
> Kevin Mitnick publicly maintains that he had nothing to do with the destruction of the US Leasing files. In his autobiography, he characterizes Susan as a “wannabe hacker” who took revenge on him and Lewis using a backdoor into the US Leasing system that he had created.
I'm inclined to agree with Mitnick. There are numerous examples in this article alone of her acting in a vengeful manner, e.g.:
> But when one of her exasperated targets called her a small-brained little twerp, Susan got mad. In retribution, she called the phone company and, posing as the woman, had her phone number changed.
And really how likely is this to actually be true:
> She claims to be one of only three women to have slept with all four Beatles, securing the trickiest, Paul McCartney, through an elaborate pretext that involved having his wife Linda whisked away in a limo for a staged photoshoot.
It reads like the wishful thinking of somebody who had bigger dreams than their own reality, clinically delusional. Some of these things I could let go, but there is too much "it happened, trust me". Bare in mind that the _ENTIRE_ point of social hacking is to spin a lie so good that you believe it yourself.
“All the best hackers, all the best phreakers in the world, we don’t know who they are because they never got arrested. And they never went to prison. This is why you don’t know who the best ones in the world are. This is the truth. Think about it.”
I'd go as far as to say that by 1990 post-Operation Sundevil etc, this was considered common wisdom, and such people with great skill who never got arrested were the rule, not the exception. People pulled off fantastic things, but refused to do silly stuff like join groups or write about their exploits in G-philez, or even use the same alias on two forums (let alone doing anything from their house). You might have met up with them on an Alliance Teleconference or QSD once in awhile, but never at the 2600 meetup at the mall. These people tended to make it well into adulthood and lead rewarding lives, all without ever becoming a pushpin with pieces of yard tied to it on some Secret Service agent's cubicle wall. Of course, it doesn't make you as famous as an Esquire article does. But also, handcuffs hurt.
This is still true today, and of more hunted groups than just hackers.
Also sums up what always puts me off these "notorious phone phreaks". It's always someone, usually emotionally stunted, riding some kind of power trip. Certainly never anyone I would admire.
I suppose I shouldn't be so judgmental, they often seem to have pretty fucked up childhoods and are no doubt a product of that. I just don't see any good that comes from idolizing them.
It's not necessarily true. Maybe the best ones were the best UNTIL they got caught. Hard to say, given we don't know anything about the best if they were never caught.
It's a delightful write up and her story is 100% worthy to be told, however I wouldn't trust the hacking stories because there's no way of verifying them. Too easy to add embellishments.
> It’s not lost on me, as she tells these stories, that I’m on the phone with a phone phreaker or that I’m attempting to tell the true story of an expert deceiver
She claims to have slept with all 4 members of The Beatles. Methinks most of the stories she tells are nonsense, but she suits the prevailing narrative for a certain segment of the media.
It seems the hackers who get caught are the ones who were compelled to brag about what they did. Perhaps, the greatest quality a hacker can have is humility.
Cool article! And, as the eternal nitpicker, I only found one inaccuracy:
> Back then, everyone had a landline, but people in the public eye kept their phone numbers out of the Yellow Pages.
The Yellow Pages were for company/business numbers, the phonebook (or part of the phonebook) with the personal phone numbers was plain white. Makes me feel old (and wonder how young the author is). Or is "keeping your number out of the Yellow Pages" a commonly-used expression I'm not familiar with?
Possibly unpopular view: social engineering is not hacking. It is conning. People have been doing it since the beginning of time and one can do it with very little technical skill. It's an insult to those who work hard for deep knowledge and technical ability, to call social engineering "hacking".
Not sure how it's an insult. It takes same amount of skill, practice, and hard work, if not more, for someone to become good at social engineering. Those two are two orthogonal skills, and one is not necessarily better/harder than the other.
To be honest even I didn't have a high opinion of social engineering conmen, until I watched "Catch Me If You Can" and read about Frank Abagnale[1].
That said, most of the big hacks do involve social engineering angle. It's a cocktail of tech hacking + social engineering + good old plain con.
> Possibly unpopular view: social engineering is not hacking. It is conning.
“Conning" is just hacking systems consisting of one or more people.
> People have been doing it since the beginning of time and one can do it with very little technical skill.
People do other kinds of hacking with very little skill and a few focussed tricks (often borrowed form others), too. OTOH, deep knowledge of social systems allows doing original hacks of more complex social systems with greater theoretical safeguards (often, they are just as weak if you can identify the right point of attack, but that's where the knowledge comes in; just as with systems composed of things other than humans.)
> It's an insult to those who work hard for deep knowledge and technical ability, to call social engineering "hacking".
As a counter argument, social engineering is hacking through a different interface. You're still exploiting vulnerabilities, but in a low-tech, process-based system. But I agree that we should use different terms.
Good social engineering is a lot harder to do than 90% of online hacks, which are generally just skiddies downloading some PoCs from GitHub and spamming them until they get results.
The Project Zero and APT type stuff that hits the news is the exception, not the rule, which is why it hits the news in the first place.
The hidden assumption here is that only "technical" skill counts. It's a skill. It's a difficult skill to master. And it is certainly an "insult" to dismiss it like you do here.
This may be a generational thing, but most IT security even a mere 20 years ago focused heavily on the human elements. Networks were different back then and people were far easier to dupe. You usually had to be on site to gain access to anything interesting. The social engineering tricks people roll their eyes at these days were invented back then for this purpose. Hacking is a broad term with deep roots. Let’s not gatekeep it too hard.
I was with you until the last sentence. They're very different skills being conflated because the end result is similar from a narrow view (and because "we got hacked (via social engineering)" sounds better than "we got conned"). But one is not inherently less difficult than the other. It's just inaccurate and kinda misleading to call one the other, not an insult to anyone.
Yes, I mean, if you consider hacking to be purely technology based and not about, in part, accessing forbidden systems or manipulating components of the system to perform unintended functions then you may be right
Abandoned by her father and abused by her step-dad, I'd say she did alright for herself and didn't become too evil. She skirted the edge without going over for the most part afaik
Once again, the media trying to pass someone with social engineering skills as a hacker. You might as well call it Lying engineering, those people are just good at lying and manipulation, for me, hacking is another entirely different activity.
Also she ratted on Mitnick, those people are called informants, not hackers.
[+] [-] knome|4 years ago|reply
https://archive.org/stream/8BBSArchiveP1V1/8BBS_Archive_P1V1...
Seems it was digitized from dot-matrix printout by a packrat/historian who got the logs alongside some old gear they were buying.
http://silent700.blogspot.com/2014/12/is-this-something.html
Found this while poking around. Seems someone representing their self as one of the DEC employees that ran 8BBS dropped a short message about it on everything2 back in 2006.
https://everything2.com/title/8BBS
https://everything2.com/user/FTCnet
And here's a 1987 interview with the Tuc that acted as the contact at the beginning of the article.
http://protovision.textfiles.com/phreak/tuc-intr.phk
[+] [-] emmelaich|4 years ago|reply
[+] [-] huhtenberg|4 years ago|reply
Edit - the exact message is "Because of its privacy settings, this video cannot be played here." I'm guessing it's geo-locked.
[+] [-] snthd|4 years ago|reply
[+] [-] aortega|4 years ago|reply
[+] [-] edub|4 years ago|reply
While the company was downsizing (dot-com bust) the CTO told me to batten down the hatches while Susan was being laid off. I told him that I'm fairly confident she knows more about NT than I do and that I didn't think I could do enough to secure things, so we more or less shut things down for the night.
I sort of remember the whole company being scared of her in general. I don't know why though, she was always very nice to me and seemed pleasant in general. It was an overreaction to shut down the network that night, Susan never attempted revenge. In hindsight, she was probably an adult that understood that companies fail and it wasn't personal.
[+] [-] bArray|4 years ago|reply
> No, I say, thinking back to a year previous — before the plague, before our phone calls, before I finally found Susan, when her name still meant nothing to me.
> “Because I never got caught,” she says. “All the best hackers, all the best phreakers in the world, we don’t know who they are because they never got arrested. And they never went to prison. This is why you don’t know who the best ones in the world are. This is the truth. Think about it.”
And it's that kind of arrogance and survivorship bias that gets you thinking you're better than you are. She was lucky she was not caught, or the others were unlucky they did get caught. The people around her that she considered as her fellow peers got caught after all.
> I went looking for the great lost female hacker of the 1980s. I should have known that she didn’t want to be found.
But then she _WAS_ found for the purpose of writing this article. So if not getting caught is the measure of being a good hacker... And she'll be incredibly easy to track down now.
> Kevin Mitnick publicly maintains that he had nothing to do with the destruction of the US Leasing files. In his autobiography, he characterizes Susan as a “wannabe hacker” who took revenge on him and Lewis using a backdoor into the US Leasing system that he had created.
I'm inclined to agree with Mitnick. There are numerous examples in this article alone of her acting in a vengeful manner, e.g.:
> But when one of her exasperated targets called her a small-brained little twerp, Susan got mad. In retribution, she called the phone company and, posing as the woman, had her phone number changed.
And really how likely is this to actually be true:
> She claims to be one of only three women to have slept with all four Beatles, securing the trickiest, Paul McCartney, through an elaborate pretext that involved having his wife Linda whisked away in a limo for a staged photoshoot.
It reads like the wishful thinking of somebody who had bigger dreams than their own reality, clinically delusional. Some of these things I could let go, but there is too much "it happened, trust me". Bare in mind that the _ENTIRE_ point of social hacking is to spin a lie so good that you believe it yourself.
[+] [-] root_axis|4 years ago|reply
[+] [-] makeworld|4 years ago|reply
Her friends were found. The journalist only got her email after Susan agreed for her friend to share it.
[+] [-] rsync|4 years ago|reply
[+] [-] Taniwha|4 years ago|reply
“All the best hackers, all the best phreakers in the world, we don’t know who they are because they never got arrested. And they never went to prison. This is why you don’t know who the best ones in the world are. This is the truth. Think about it.”
[+] [-] Hokusai|4 years ago|reply
[+] [-] justanother|4 years ago|reply
This is still true today, and of more hunted groups than just hackers.
[+] [-] JKCalhoun|4 years ago|reply
I suppose I shouldn't be so judgmental, they often seem to have pretty fucked up childhoods and are no doubt a product of that. I just don't see any good that comes from idolizing them.
[+] [-] zibzab|4 years ago|reply
Just saying...
[+] [-] ravenstine|4 years ago|reply
[+] [-] malux85|4 years ago|reply
"Nobody knows what a smart fish tastes like"
[+] [-] bugmen0t|4 years ago|reply
It may be true for the early hackers, but there are many famous hackers that have not been in prison. Just think of the people like Dan Kaminsky.
[+] [-] deltaonefour|4 years ago|reply
[+] [-] renewiltord|4 years ago|reply
[+] [-] tester34|4 years ago|reply
then probably yea, but when it comes to skills?
I'd say that they're not really that unknown - https://ctftime.org/
[+] [-] unknown|4 years ago|reply
[deleted]
[+] [-] grapescheesee|4 years ago|reply
[+] [-] herodoturtle|4 years ago|reply
https://en.m.wikipedia.org/wiki/Susan_Headley
[+] [-] richardfey|4 years ago|reply
[+] [-] TonyTrapp|4 years ago|reply
> It’s not lost on me, as she tells these stories, that I’m on the phone with a phone phreaker or that I’m attempting to tell the true story of an expert deceiver
[+] [-] Freskis|4 years ago|reply
[+] [-] dataviz1000|4 years ago|reply
[+] [-] rob74|4 years ago|reply
> Back then, everyone had a landline, but people in the public eye kept their phone numbers out of the Yellow Pages.
The Yellow Pages were for company/business numbers, the phonebook (or part of the phonebook) with the personal phone numbers was plain white. Makes me feel old (and wonder how young the author is). Or is "keeping your number out of the Yellow Pages" a commonly-used expression I'm not familiar with?
[+] [-] hereforphone|4 years ago|reply
[+] [-] vishnugupta|4 years ago|reply
To be honest even I didn't have a high opinion of social engineering conmen, until I watched "Catch Me If You Can" and read about Frank Abagnale[1].
That said, most of the big hacks do involve social engineering angle. It's a cocktail of tech hacking + social engineering + good old plain con.
https://en.wikipedia.org/wiki/Frank_Abagnale
[+] [-] dragonwriter|4 years ago|reply
“Conning" is just hacking systems consisting of one or more people.
> People have been doing it since the beginning of time and one can do it with very little technical skill.
People do other kinds of hacking with very little skill and a few focussed tricks (often borrowed form others), too. OTOH, deep knowledge of social systems allows doing original hacks of more complex social systems with greater theoretical safeguards (often, they are just as weak if you can identify the right point of attack, but that's where the knowledge comes in; just as with systems composed of things other than humans.)
> It's an insult to those who work hard for deep knowledge and technical ability, to call social engineering "hacking".
No, it's not.
[+] [-] protontorpedo|4 years ago|reply
[+] [-] sen|4 years ago|reply
The Project Zero and APT type stuff that hits the news is the exception, not the rule, which is why it hits the news in the first place.
[+] [-] ThinkBeat|4 years ago|reply
This is handy when youa re selling your consulting services.
One of our consultants will con .. We have sone of the best con artists ....
The term itself is a con.
[+] [-] user-the-name|4 years ago|reply
[+] [-] madrox|4 years ago|reply
[+] [-] sundarurfriend|4 years ago|reply
[+] [-] PickledHotdog|4 years ago|reply
[+] [-] csk111165|4 years ago|reply
[+] [-] mpenick|4 years ago|reply
I have trouble getting past this sentence. Did they mean “digital”?
[+] [-] labrador|4 years ago|reply
[+] [-] Lamad123|4 years ago|reply
[+] [-] unknown|4 years ago|reply
[deleted]
[+] [-] unknown|4 years ago|reply
[deleted]
[+] [-] unknown|4 years ago|reply
[deleted]
[+] [-] egberts1|4 years ago|reply
[+] [-] severak_cz|4 years ago|reply
[+] [-] ehnto|4 years ago|reply
https://en.wikipedia.org/wiki/Susan_Headley
[+] [-] aortega|4 years ago|reply
Also she ratted on Mitnick, those people are called informants, not hackers.