When two young hackers played war games with the Pentagon
Mathew Bevan and Richard Pryce were two young hackers who, in their spare time and from the comfort of their bedrooms, penetrated what should have been the most secure defense network in the world back in the ’90s.
Their success was based on a mixture of persistence and good luck, which was assisted by simple security mistakes in the Pentagon computer system.
Back story
Richard Pryce
He was British and living in the UK, and he was still going to school at the time of his arrest. He had a musical upbringing with his two sisters and had a passion for playing the double bass.
He bought his first computer when he was 15 to help him with his studies at the time. He was spending his free time on a bulletin board (computer forums) on the Internet where computer users chatted and traded information. It was here that he got his first introduction to hacking.
He got software off the forums, and one program, called the “bluebox”, could recreate various frequencies to get free phone calls. He used the software to make calls anywhere in the world for free. It became normal to him, and he would then get on the Internet, use various ‘hacker’ forums and learn techniques to download the software he needed, along with text files that explained what you can do to different computer types.
He was treating hacking like a game, a challenge and he got good at it as time was passing. It escalated quickly and went from hacking low-profile computer targets like universities to being able to hack military systems.
His nickname ‘Datastream Cowboy’ came to him in a flash of inspiration.
Mathew Bevan
Mathew was also British and at the age of 12, he got his first computer, a Sinclair ZX81.
He was a nerd by his own words, and he was beaten and bullied almost every day of his school life.
At 15, he bought an Amiga 500, which at the time was better than most personal computers. Just like Pryce, who was younger than him, Mathew discovered the bulletin boards (online forums) and started exploring the Internet. He would call all the BBS (Bulletin Board) numbers he could find, resulting in a $400 bill and a warning from his mother.
He then started learning how to manipulate the phone system until he was able to make free calls and even obfuscate call origin. He wanted to be anonymous so he found out that he could divert the calls through several countries before reaching his destination, giving him the ability to call from anywhere in the world free and remain untraceable.
He met various people on the BBS who wanted to learn the skills and tricks he had accumulated on the phone system. In trade for that information, he would get documents and other information on how to hack computer systems.
By gaining such knowledge he became fearless and strong in the digital world, but scared and powerless in real life. He would spend countless hours in front of his PC after school and repeat the cycle all over again for months.
It was not long before he started breaking into all sorts of machines, small and big, and he was doing it just because he could. He became addicted to the nature of hacking, from looking into institutions’ files to bypassing security systems. He was lured by the rush of excitement and he couldn’t stop hacking into systems, again and again.
By hacking everything he could, he felt unfulfilled and wanted a direction. He got his direction when he was on a bulletin board in Australia called Destiny Stone, which was run by a phone phreaker (someone who hacks into systems using a phone connection) called Ripmax. While Ripmax ended up on the wrong side of the law, Mathew was able to find hundreds of documents about UFOs, government cover-ups, and conspiracy theories on Ripmax’s machine.
His direction in hacking was found: he would try to uncover conspiracy theories and government cover-ups in his pursuit of the ultimate truth and hacking pleasure. His nickname was Kuji.
The hacking story, from Kuji and Datastream Cowboy’s side
In April 1994, American special agents were waiting patiently for an upcoming attack. They had been identifying suspicious activity for weeks, and the unknown enemy was moving across the Pentagon network computers, cracking codes and downloading confidential files. The unknown enemy was Pryce, or by his nickname Datastream Cowboy, who was hacking around the military base systems of the Pentagon.
He was first spotted by a systems manager at the Rome Laboratory at the Griffiss Air Force Base in New York. He had breached the security systems and was using assumed computer identities from the airbase to attack other targets like NASA, Wright-Patterson Air Force Base, which monitors UFO sightings, and Hanscom Air Force Base. He planted sniffing programs to get the passwords he used in the systems.
The American military had been preparing for such cyber-attacks for years by then, and they created a new breed of special agents’ force called the Air Force Office of Special Investigations (AFOSI). The special agents were dispatched to the Rome Laboratory to identify the attacker.
Datastream Cowboy’s successful hacking in the Rome Laboratory relied heavily on luck.
He gained low-level access to the Rome computer systems using a default guest password, then he retrieved the password file and downloaded it. He tried brute-forcing the password file with a password list containing 50K random words and left his computer running overnight until it cracked it.
With luck on his side, he managed to crack the weak password of a United States Air Force (USAF) lieutenant who was using the name of his pet ferret, ‘Carmen’, as his password.
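The two mistakes described above, a default guest credential and a dictionary-word password, are both things a check at password-set time can reject. The following is an added example, not part of the original article; the tiny word list, the default-credential list, the 12-character minimum and the account name `lt_example` are constructed assumptions.

```python
import re

# Constructed sample data (assumptions): a stand-in for a real dictionary/name
# list and for a site's inventory of vendor-default credentials.
WORDLIST = {"carmen", "ferret", "password", "dragon", "summer"}
DEFAULT_CREDENTIALS = {("guest", "guest"), ("guest", ""), ("admin", "admin")}

# Common character substitutions that word-list tools undo automatically.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def candidate_forms(password):
    """Reduce a password to the simple variants a word list already covers."""
    lowered = password.lower()
    # Strip leading/trailing digits and symbols ("Carmen1994!!" -> "carmen").
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    forms = {lowered, core, core[::-1]}
    forms |= {form.translate(LEET) for form in set(forms)}
    forms.discard("")
    return forms


def password_problems(username, password, wordlist=WORDLIST, min_length=12):
    """Return the reasons a new password should be refused (empty list = accept)."""
    problems = []
    if (username.lower(), password.lower()) in DEFAULT_CREDENTIALS:
        problems.append("default credential")
    if len(password) < min_length:
        problems.append("too short")
    forms = candidate_forms(password)
    if forms & wordlist:
        problems.append("dictionary word")
    if username.lower() in forms:
        problems.append("matches username")
    return problems


if __name__ == "__main__":
    # Constructed test accounts; "lt_example" is a hypothetical account name.
    for user, pw in [("guest", "guest"), ("lt_example", "Carmen"),
                     ("lt_example", "C4rm3n1994!!"),
                     ("lt_example", "orbit-lantern-quartz-mule")]:
        print(f"{user!r:14} {pw!r:30} -> {password_problems(user, pw) or 'accepted'}")
```

Note that padding the pet's name with digits and symbols still fails the check, because those variants reduce to the same dictionary entry.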
Once he cracked the password, he was free to explore highly classified and confidential documents. He was able to escalate his privileges and became a root user, which gave him the power to do whatever he wanted in the system, from deleting, creating, and editing accounts to shutting down the entire system. He read about the UFO material being kept at the Wright-Patterson base and decided to get into their systems as well, and he also hacked a NASA site.
Pryce had the Rome Laboratory as his main target because he knew that the military was developing things there. He downloaded to his computer the programming code for an artificial intelligence project he found. Then he proceeded to visit a computer in Korea from the Rome Laboratory computer: he just tapped in the address of the Korean research computer and did nothing after that. He just fancied having a go at a different sort of computer.
In 3 months, Pryce was sending weekly e-mails to the fellow hacker he knew as Kuji, without knowing his real identity was Mathew Bevan.
Bevan at the time became interested in hacking after finding on Ripmax’s computer all the documents about UFOs, government cover-ups, and conspiracy theories. He saw in a hacker publication called PHRACK a story about the alleged disappearance of 40 hackers who were targeting military systems to try and uncover the truth. The publication also printed the names of the bases that were thought to have been the targets of the missing group.
He had already hacked so many other systems, from corporate, educational to government and he was able to begin a systematic attack on each one of the targets that PHRACK cited.
The hack from the American cyber agents’ view
After Pryce was first spotted by a systems manager at the Rome Laboratory, the computer specialists from AFOSI were dispatched to the Rome Laboratory to catch him.
In the second week of their investigation, they saw that Datastream Cowboy (as he called himself) was online again. They carefully tracked him when he logged in with the access code he had cracked from the high-ranking Pentagon lieutenant. As he was shifting from folder to folder, navigating through highly confidential reports and battlefield simulation data, and downloading the AI code, the agents worked hard to track him and find out who he was and where he came from.
Datastream Cowboy, though, was bouncing around the world before launching the attacks, making it impossible for the agents to establish which country he was in.
As he left the Pentagon systems, the agents were chilled to see that he was trying to access a computer at a nuclear facility somewhere in Korea.
The shocked agents saw a terrible crisis coming: in 1994, the United States was embroiled in intense negotiations with North Korea about its suspected nuclear weapons program. If the Koreans detected the attack on their nuclear facility coming from an American airbase (Datastream Cowboy had assumed an American military identity by routing his assault through the Rome Laboratory computer), they would have thought that the attack was an act of war. In the end, the agents determined that his target was in South Korea, not the North, and the security alert was over.
In the view of the American military, Datastream Cowboy was the “No 1 threat to US security”.
The agents feared that Datastream Cowboy was dangerous, as they noticed that he didn’t hack alone. They would watch him attack a military site unsuccessfully, retreat, send an email to “Kuji”, who was a more sophisticated hacker than him, and then return to hack the site successfully. Their path was not easy to follow: they were weaving through computer systems in Africa, Mexico, and Europe before making the attack.
Over 30 days, they tracked them hacking the Rome Laboratory more than 150 times, while Kuji was monitored attempting an attack on the computers of NATO HQ in Brussels.
The American military was so vulnerable because the Internet, the computer communications system that had been developed by Pentagon scientists as a tool for survival after a nuclear war, was opening up in 1994 to anyone in the world who had access to a cheap and powerful personal computer. This automatically opened the gates of military secret files to cyber-attackers.
It would have been simple to shut the hackers out, but the Pentagon generals wanted them to be found and put out of action. If they were simply shut out, they would survive to attack again, and their identities and the information they had stolen would remain unknown.
The cyber agents tried to track the stepping stones Datastream Cowboy used before attacking; they wanted to trace his path backward. Due to the huge amount of traffic in the network, they couldn’t find the exact path. Then, knowing Pryce’s nickname, some of the agents’ informants managed to find out that Datastream Cowboy hung out at Cyberspace, an ISP based in Seattle.
Pryce, being naive and eager to engage with other hackers via email, got exploited without knowing it by an informant. He gave out his home telephone number to the informant, allowing the informant to know that Datastream Cowboy lived in the UK.
After the senior AFOSI agent contacted Scotland Yard’s computer crime unit, they located his house in Colindale, a suburb in north London. After examining the telephone lines, it was revealed that he was first dialing into Colombia and then using a free phone line from there to hack into the military sites.
American agents wanted to catch Datastream Cowboy in the act, so they flew to the UK and met with the British police to arrest him.
On May 12, 1994, they parked outside his Colindale house and waited for the signal that Datastream Cowboy was online. When the agent’s mobile rang, the officers, posing as a courier, knocked on the door. Pryce’s dad opened the door, and the agents began to search the house and found him on his computer in the house’s loft room. Shocked as the agents were preparing to arrest him, Pryce collapsed on the floor in tears. To their surprise, the agents, who thought that they were going to arrest a dangerous criminal, just found a teenager from the Purcell School in Harrow, playing around on his computer.
They arrested him and took his personal computer but he was released on bail on the same night. The agent found dozen stolen files on Pryce’s hard-disk, including a battle simulation program.
Later they found out that he also downloaded an Artificial Intelligence file about a military project that was too big to be saved on his pc, so he had to save it in his own storage space at an Internet service provider that he used in New York.
Also, during the subsequent police interviews, he was asked to name Kuji. He told the officers that he didn’t know him or where he lived, and that he was only talking to him online.
The agents regarded Kuji as far more sophisticated than Datastream Cowboy because he would only stay on a telephone line for a short period, not long enough to be traced. Kuji assisted Pryce, but nobody knew what Kuji did with the information he collected or why he collected it in the first place.
The Kuji file case
Pryce gave them a telephone number but it was a school library number in Surrey.
The detectives had caught Pryce, but their main target then was Kuji. The fear that he could be a spy working for foreign intelligence agencies pushed them to find and arrest him.
During the next two years of compiling evidence in the UK and US in the case against Pryce, the agents failed to turn up any evidence that might lead them to Kuji.
In June 1996, the computer crime unit went through the mass of information they had from Pryce’s hard drive again, a process said to have taken over 3 weeks, and found what they were looking for. At the bottom of a file in the DOS directory was the name Kuji, with a telephone number next to it. Pryce might not even have known that the information was on his hard drive because he had downloaded so much.
Kuji’s telephone number was a disappointment for the agents that thought he would be a foreign spy. The telephone number was based in Cardiff, Wales.
The agents drove up to the address and finally discovered Kuji’s identity: 21-year-old Mathew Bevan, a computer worker with a fascination for science fiction. His room was covered with posters from The X-Files.
Charges
Mathew was arrested on June 21, 1996, at the offices of Admiral Insurance where he worked.
He was convinced that if it wasn’t for Pryce he would never have been caught and that the only reason that Pryce got caught was that he mistakenly gave his number to a secret agent. He said to the agents that he wasn’t tutoring Pryce but just gave him tips here and there as he did for everyone.
Mathew also said that he had not even been alarmed when Datastream Cowboy disappeared from the Internet. Everyone was joking with him in emails that he might have been arrested. One year later, when the story about Pryce appeared in the news, Mathew thought that he had escaped detection. He was charged the day after his arrest with two counts of conspiracy under the Criminal Law Act and later with three offenses under the Computer Misuse Act.
Pryce had been charged in June 1995, 13 months after his arrest, with 12 offenses under section 1 of the Computer Misuse Act, and with conspiracy three days before Mathew’s arrest. He also said later that they had embarrassed the authorities by showing how many flaws their security had. In his own words: “We embarrassed them by showing how lax their security was and that’s why they made out we had been a huge security threat. I’m now amazed by what I did, but I wasn’t surprised at the time. It was just my hobby. Some people watched television for six hours a day, I hacked computers.”
The first time Bevan and Pryce met in person was in July 1996, when they both appeared at Bow Street court and were charged with conspiracy and offenses under the Computer Misuse Act.
Pryce was fined 1200 pounds back in March 1996 after admitting 12 offenses under the Computer Misuse Act.
The conspiracy charges against them were later dropped and the remaining charges against Bevan were dropped in November 1997 after the Crown Prosecution Service decided it was not in the public interest to pursue the case.
Life after the court battle
Their case remains one of the most controversial hacking stories in American cyber-attack history. They both proceeded along different paths in their careers.
After Pryce’s computer was taken away, he didn’t even own a new one and stayed away from the hacking world.
Bevan, however, put his skills to good use and became an ethical hacker and security consultant with Tiger Computer Security. Later he became a software developer at Nintendo Co., Ltd. and then created his own firm, the Kuji Media Corporation.
Last thoughts
Circumstances now are quite different from a security standpoint and the number of attacks that are happening every year is exceeding 30 million, in contrast to 250 thousand in the early 2000s.
Bug bounty programs and regulations have reinforced the information security world over the years, but the game between criminal hackers and corporations/governments will continue.
There will always be ‘holes’ in any ‘security’ system. The main purpose of securing the system is to find the holes before any criminal finds them, or to mitigate the damage as soon as the vulnerabilities are found.