The state of Nevada has granted the proprietor of a Las Vegas in-room
adult entertainment service additional time to prove that malicious
hackers are disrupting his telephone lines to benefit competitors-- a case
he hopes to make with the help of his new investigator, former hacker
Eddie Munoz is embroiled in a legal battle with Sprint Central Telephone,
Las Vegas' local telephone company, over what he claims is the company's
negligence in allowing hackers or corrupt insiders to systematically
block, divert and monitor calls to his service since 1991, costing him as
much as $20 million in lost business. In February, following years of
complaints by Munoz and other Vegas business-owners, the state public
utilities commission (PUC) found "probable cause" to hold hearings on the
matter, giving Munoz the power to subpoena records and take depositions
Sprint Central Telephone attorney Patrick Reilly did not return phone
calls, but in PUC filings, the company insists there's no merit to Munoz's
complaint. "For years, Munoz has made unsubstantiated allegations of call
blocking and call diversions against Sprint," Reilly wrote in an
unsuccessful motion to dismiss the case last month. "After obtaining
Sprint's assistance in investigating this matter, and now after conducting
one round of discovery, Munoz still cannot support his allegations."
Munoz admits he has no smoking gun, but accuses Sprint of dragging its
feet in responding to his subpoenas. In July, over Sprint's objections,
the PUC granted Munoz a continuance from his September hearing date to
allow him to do more investigating. A public hearing is now set for
Mitnick, 38, joined the investigation after SecurityFocus reported on the
case in May, and interviewed the ex-hacker about his own past forays
into Sprint Central Telephone's network. While the company claims it has
never suffered a computer intrusion, Mitnick detailed extensive
penetrations into Sprint Central Telephone's systems from approximately
1992 until his February, 1995 arrest.
Twenty months out of prison after a five year stretch, Mitnick is under
federal supervision, and had to obtain permission from his probation
officer before working for Munoz. He remains barred by court order from
using computers or the Internet. "He's not able to touch the computer, so
everything has to take an extra step," says Munoz. "It's kind of
frustrating for all of us... But he really knows what he's doing."
Mitnick, who hired an associate to do any computer work needed, says he's
taking a systematic approach to the case.
"I believe there's a lot of circumstantial evidence that there's a
problem, and what we're trying to do is isolate the problem," says
Mitnick. "For now, we want to take as much traffic out of Vegas as
possible, and see if there's a change in the call volume."
To that end, earlier this month Mitnick moved Munoz's phone lines into a
rented office in Los Angeles, where a temp worker answers calls for
Munoz's private nude "dancers", and relays the requests to Munoz. "The
purpose of this test is to take Sprint out of the terminating end out of
the loop," says Mitnick, "and see if it's a problem at the originating
Mitnick says he's waiting for data from his long distance carrier before
drawing conclusions from the tests.
The ex-hacker is currently working on a book about social engineering
attacks in information security, and rents himself out as a speaker at
corporate functions. He also hosts a weekly A.M radio talk show in Los Angeles.
His consulting fee in the Vegas case is "what any good lawyer would
charge," Mitnick says. By Kevin Poulsen