Legendary hacker: We tapped into Nixon's phone to warn him of toilet paper crisis in L.A.
As the world dives deeper and deeper into the digital depths of technology, with most civilizations dependent on computers and networks, with phone lines kept under the scrutiny of spy agencies – isn’t it time to talk to those, who were in on things at the beginning? Today’s special guest was a pioneer of digital technologies. The man, who hacked into phone lines from the White House to Vatican – and did it just for fun. Today we talk to John “Captain Crunch” Draper – the legendary hacker is on Sophie&Co.
Sophie Shevardnadze: John Draper, a.k.a. Captain Crunch, one of the first ever hackers, welcome to the show, it’s so great to have you with us. Now, you are a legend in hacking world, one of the first ever hackers. If it wasn’t for you, actually, there would be no company called “Apple”. I don’t know how many people actually know this, but I know this. Now, Steve Jobs is a household name right now, but you’re known only by peers and in a circle of fans…does it kind of annoy you?
John“Captain Crunch” Draper: You mean, “Apple”?
SS: Yeah, what I’m asking is that you could have become like Steve Jobs or Steve Wozniak if you wanted to… You certainly aren’t any less capable than any of them. So, what made you stick to the world of hacking while they became entrepreneurs?
JD: Well, I was brought on as a contractor, initially, when I started working for them, and it was just sort of bad timing: I had better offer for a job in Pennsylvania, and I took that job because I didn’t know how good Apple would be back then. I mean, Apple was just in this old street mall which had, basically, two buildings. It had big, big office space with cubicles and they had the annex building, which was five or six doors down and it was just a two room annex building and I was in there, working with Steve Wozniak, Randy Wigginton and a few other high school kids that they brought on to work in Apple. And then I left Apple because I wasn’t sure it’s going to take off, I mean, it was a very small company then, and at the time, they were building the Apple-2 computers and I didn’t even have a case for mine…
SS: Do you have any regrets for leaving Apple, do you wish you’d stuck with it, or you’re happy doing whatever you’re doing right now?
JD: Yeah, of course, it’s just bad timing, I just wasn’t there at the right time. But I was at Homebrew Computer Club before Apple got started – that’s how I met Steve - I was the person who told Steve about the Homebrew Computer Club, and so during the Homebrew Computer Club, he was typing in, I think it was a two or three key of integer basic and he got it working by the time that random access period started, and so everybody took a break and he demonstrated it. It was amazing, it was first computer.
SS: I want to talk to you about hacking and all that jazz that actually appeals to a lot of my viewers – they’re not computer wizards, most of them aren’t, but you know, the whole hacking thing is just so romantic – you guys are all rock stars that are sort of underestimated. You and other phone hackers had to use a lot of personal and human tricks to get into systems – what kind of tricks or social engineering? And if you can, please be simple in your words, because not everyone understands the mechanics and the mechanical terms that you use…
JD: I’ll try to explain that in more detail. I wasn’t really the “social engineering” type, that was mostly Danny and ten years later, Kevin Mitnick whom you had on your show a couple weeks ago. So, when I was actually hacking the system, it was all mechanical back then, and I would be using a technique called “flash dump” – what I would do is dial a partial phone number and then hit the hook switch on the phone down-up and then I would hear “clunk-plop” sound and then at that point I was on the selector group that would allow me to trunk through to other numbers that were restricted. In fact, in 1989, when I went to Moscow, I think this was in October, through the projects for planetary peace – this was still Soviet Union, and I went to St. Petersburg, then Leningrad, and then I went to Moscow and then to Tbilisi. While I was in Moscow I got to payphone and started just dialing up numbers and doing flash-dump, and I had a Russian friend with me who could translate for me any recordings I get, and I somehow hacked into KGB network…
SS: What do you mean “somehow”? Can you be a little bit more precise, what do you mean “somehow”? Did they know they were being hacked?
JD: No, I don’t know – I didn’t stick around to find out. I was at a payphone, it was extremely cold, that was in October, it was 15 degrees below zero, and I wasn’t used to the weather, so I didn’t stay very long, but I stayed long enough so I was able to…I dialed, I think, 31, and then I flashed the hook switch and heard “clunk-plop” sound, and then I would dial, I think it was two digits, and then I got what appeared to be a dial tone, and then I dialed over that dial tone and it broke the dial tone and I just tried different random numbers, and I got an overseas trunk – I think it was from France, because I remember dialing 33. So then I said, okay, let me dial one and then area code and number in the States and I did that, and I called a busy test number. I didn’t want to make or complete a call, because I didn’t know what the laws were in Russia, I was pretty freaked out by actually trying this. And, I got through…
SS:Do you remember why you were doing that, do you remember what actually, like, pushed you to do this prank and to hack into KGB?
JD: I was just walking around with one of my Russia friends, and we saw a payphone, and I said “let me play around with this thing for a minute”.
SS: Oh, so you were just walking around and thought “Why don’t I just hack into KGB?” – Is that the way you said it to yourself?
JD: I didn’t know it was KGB, until I got a recording and I gave it to my Russian friend who translated it in English for me, and said “you’ve reached a KGB number, how do you know, I recognize the recording”. And that was the only way I knew that it was KGB, and it was only after I was able to get into international circuits from a payphone, that I realized that “wow, only the KGB would have something like that”.
SS: I want to go through some of your famous pranks: you were able to place a call to the White House and get connected to Richard Nixon. Could you do that today if you wanted? Could you actually call and somehow get connected to Obama?
JD: Definitely not.
SS: Why not?
JD: You’ve got to understand, this occurred back in mid-seventies, and I was at a party, and I was doing some scanning around and then I found, by accident, the CIA crisis hotline number to White House. It was an 800-number and the person who answered the phone was extremely rude to me. So, I… “social engineering” – probably the first time I did social engineering, and what I did was, I basically told them that I was a test technician for the phone company and I needed to know what number we dialed. And the person obliged by telling us that this was a CIA crisis hotline. So, I accessed the line for a while, and this goes back to when you could sit and tap lines and tap calls and numbers, so we just sat there and waited for call to come in – and somebody said “Olympus” and person that came on the line – My God, that was Nixon! Oh my God! - I couldn’t believe it. So then at a party about two weeks later we decided to call him up and tell him that we had a national emergency on our hands, that we were out of toilet paper. We were the first persons ever to prank the President.
SS: So, what was his reaction, what happened?
JD: Well, then another voice came on the line and said “who is this?” and they were obviously pretty tipped off, so I didn’t stick around to talk to him, we just hang up. Because when we called that number, we made sure that we had quite a few links between us and the White House phone number, their crisis line. It was possible to go from WATS extender to WATS extender – we did about three or four loops around, so he couldn’t trace the call. We didn’t stay long enough for them to trace the call.
SS: So, you’ve prank-called President Nixon and you also prank-called the Pope. At that point, did you feel there was no limit?
JD: Woz was the one who called the Pope. Let me explain that story. Wozniak has read the article “Secrets in Little Blue Box”, 1971 October issue of Esquire, and Woz and Jobs wanted to build one of the Blue boxes, so Woz built a Blue box and he contacted me, because I did an interview on KKUP, and Woz called in and said “Can we meet?” and I said “Sure, I guess so”. I made sure I didn’t have any equipment with me, and I went to UC Berkeley, a dorm, and that’s where I met Steve Wozniak for the first time. He showed me his Blue box, and it was horrible, and every time he tried to use it, it would drop a trouble card, and you would get noticed, and in fact, that’s how I got busted – one of the guys bought Steve Wozniak’s box and guy used it incorrectly and got busted. Woz asked me, he said “can we call the Pope?” – and I said “Sure, let’s see, that’s three, two...” – I forget the area country code of Italy, I think it was 38 or 39, and so we called Rome information and we got number of Vatican and we called Vatican – and this is, like, 4 in the morning – and it took us a while to find an English-speaking person, and once I got an English-speaking person I just handed the phone over to Steve and said “here’s the Vatican, ask for the Pope” – and so he did. Of course, the Pope wasn’t there, because it was 4 in the morning, but he did try to convince them, he told the person that answered the phone that “this is Henry Kissinger and I have to call the Pope because I have to confess.”
SS: When you guys were doing all of this, was it really just for giggles? What was it for?
JD: We just wanted to understand the system. My own goal was to understand routing codes, understand all this different special telephone company test numbers – you could call test boards with them. I could get into the inside sections of the phone company in ways that I could normally not do. So, I would reach switch rooms and test numbers, and I’d call these test numbers and talk to the technicians there and ask them questions – they were quite obliging, because they thought I was just another telephone company test-person. I knew the language, and what to ask for, and so this was how I got into the phone system. It was very easy to make blue box calls. You would call any call-free number and then you’d send 26 cent hertz tone down the line – that’s what the Captain Crunch whistle generates, by the way. So you blow the whistle, you’ll get the 26-hundred tone and that’s what trips phone company equipment into thinking you’re disconnecting the call and it will reconnect you to a trunk. Certain trunks will also let you actually dial a number by just repeatedly pulsing the whistle, like you want to dial a digit three go “peep-peep-peep” for three, “peep-peep-peep-peep” for four and you can dial numbers that way. Then they switched to multi-frequency, and that’s the blue box.
SS: John, the FBI went after you – were you really a dangerous criminal to be put away?
JD: Oh, definitely not. I was just a geek, was just interested in exploring the system. I had no malicious intent whatsoever. In fact, when Steve was selling the blue boxes, I thought that was pretty malicious, I was totally against the idea of selling them or making any kind of money from the idea, from my knowledge of this. I was just interested in the technology. It wasn’t until after I got incarcerated in jail that I spread the word about how that stuff works, because I had phone phreak classes in jail, it was like a big university of crime.
SS:So, I was just wondering, how come when you were locked away in prison, you continued with your digital experience? What exactly did you do, can you tell us about that?
JD: I can talk about it. It was possible to make free calls from jail, but the only calls that you can make from jail are collect calls. The telephone company has a test number and I just made a collect call to telephone company test number. I called the B-line which connected to the A-line and so I was sitting there , I had friend ready to accept my call, my collect call I was making from jail, and when the operator connected me, it connected me to a person who would gladly accept my collect call. So, I was able to make calls out that way. But I was very careful, because I knew that these phone lines are being monitored. So, I just made it look really as legit as possible. Also, when I was in jail, I modified my little FM-radio, so I could pick up their walkie-talkies, so I could tell when they’re coming into the area. That was very useful. Whenever I had my phone- phreak classes, we did this right under the noses of the guards, they didn’t even care. I was basically teaching them electronics, but then I would divert into other things you can do with it.
SS: Like what?
JD: Like using the electronics knowledge to build blue boxes and stuff, and I would draw the schematic backgrounds, so when they got out of jail they could make them.
SS: Let me ask you this: I spoke to Kevin Mitnick, whom you also know very well, he’s another famous hacker…
JD: Yeah, he lives right here in Las Vegas, actually.
SS: Right, right. But he is now running his own cyber-security company, although he started out hacking phones just like you. Do you feel that hackers, being a hacker has become a job – and is this a good thing?
JD: Yeah. Being a white-hat hacker, which is a definition of hacker, basically, using his skills to penetrate into systems and find weak links into the system. That’s good, and I was not afforded an opportunity to do that, when I got busted. I was the Bad Guy, the evil guy, and so was Kevin – but Kevin had a lot of backing that I didn’t have, and so he was able to extract very good agent to organize book deals with him and speaking tours, and I’m trying to organize a speaking tour myself, and nothing pleases me better than going over to Moscow and give a talk, that would be really cool, I’d like that.
SS: We need some hackers right now…
JD: But I haven’t really ran across anybody right now who wants me in.
SS: Well, maybe after this interview, people are going to reach out to you. I have another question, concerning politicized hackers, “hacktivists” so to say. Now, the Anonymous group, for instance, takes down government and big company sites, they protest against the whole establishment. Should hacking be a way to get a political message across, what do you think of that?
JD: I think it’s a pretty good way of getting messages across, absolutely, indeed. See, Anonymous is really not just a hacking group. When you put on that Guy Fawkes mask, you are Anonymous – that’s the whole concept of Anonymous mindset. It is – anybody can be anonymous. You put that Guy Fawkes mask on and you are Anonymous. The FBI is running around chasing their tails, trying to figure out who these hacker group Anonymous is, but little did they know that there are millions of people on the Anonymous hacking group. There are just a few people, for instance, the LulzSec, and all these people that just got started really being a little bit more malicious than normal. They took down HBGary site, they got a bunch of people, including Sabu and all these other people who then turned snitch – they basically gave States evidence about hackers and a lot of people got busted because of that, so he’s a pretty bad guy. At least, a lot of people seem to think so.
SS: John, I want to ask you a question that has been bothering me for a while. There was a movie in the 80-s, I don’t know if you’ve seen it – “War Games” with Matthew Broderick, about hacker who connects to a military computer and nearly sets off a nuclear war. Can a hacker potentially go and do that? Go that far, if you wanted to today?
JD: No. Definitely not. It’s just bunch of overly paranoia on the part of the government. They just wanted to, basically, blow up this hacker-criminal thing out of proportion to get more support, more money to fight hackers. But hackers are nothing more than these kids that get on their computers and get access into the bulletin board systems, they dial into computers inside the companies. But, the Defense System, even back then, was all air-gapped – there was no Internet back then that people could set up a nuclear warhead. That’s just totally bogus. Nobody would believe that.
SS: Okay, but kind of make it sound so harmless – it’s believed that the U.S. and Israel created the most dangerous computer virus ever seen, and you’ve mentioned Stuxnet yourself – and this is the virus created by those hacker kids that you were just talking about, and it was used to attack Iran’s nuclear facilities….
JD: Actually, no. From what I understand about that virus, it was created by the NSA or by the Israeli army or by… it was basically a state-sponsored hacking attempt, and that was not really done by some kids, that was done through very sophisticated…
SS:But still, hackers helped the governments to do that. On whichever side hackers are, on good side or bad side, they can’t do it without hackers; hacker has to be there to actually get things done…
JD: Not necessarily. I mean, NSA basically hires hackers all the time. In fact, during the DEFCON Hacker Conference about 3 years ago, Keith Alexander from the NSA gave his talk about how the NSA wanted to hire hackers and he goes on to say that you can’t be convicted of a crime and et cetera, et cetera, but he was actually recruiting hackers at the Hacker conference. The very next year after that, Keith Alexander got disinvited to Hacker conference because of these Snowden revelations.
SS: Well, let me ask you this – governments now actually need hackers to spy on countries, their own citizens as well. Does that increase or decrease global security, in your opinion?
JD: It decreases it, obviously, because the NSA is looking for weaknesses so that they can exploit the systems and they could do mass surveillance on people. So that’s very important that people understand that. There are ways to fight this surveillance. I use a program for the IPhone called “Wickr” and it’s a very secure, encrypted program, it’s OTR, it’s off the record, there’s no record of a contact being made and it’s very secure, and I use that a lot. It’s very easy to use – it’s just as easy to use as sms messaging, but it’s very secure.
SS:Thanks to Snowden we all now know that we’re being spied on all the time, and some of us don’t have that system that you’re using on your IPhone. But since the volume of information gathered is so enormous, right, it’s really impossible to actually sit there and go through it. Doesn’t that mean that surveillance threat is exaggerated?
JD: Absolutely. Because, I mean, there is so much communication going on, there’s just no way they could catch everything. Sure, they’re going to try to save all this data in this huge data-center in Utah that they’re building, and all that. They just say: “Sniff it all, capture it all, we will go back to it later if we need to look at it”. And so, if you made call to grandma three years ago, that conversation can be dug up and if they have an index to it, they can obviously do…they can take that conversation you had with grandma and listen to it. It’s not just metadata, it’s the hard-code data, it’s everything, not just whom you talk to.
SS: Alright, John, it’s been really great talking to. I wish you all the luck in finding good agent who will actually promote you to give lectures about hacking. We were talking to John “Captain Crunch” Draper, one of the first ever hackers, talking about his adventures, from helping created Apple to being chased by the FBI and about what hacking means today. That’s it for this edition of Sophie&Co, I will see you next time.