Matthew Weigman

Fascinating story of a 16-year-old blind phone phreaker.

One afternoon, not long after Proulx was swatted, Weigman came home to find his mother talking to what sounded like a middle-aged male. The man introduced himself as Special Agent Allyn Lynd of the FBI's cyber squad in Dallas, which investigates hacking and other computer crimes. A West Point grad, Lynd had spent 10 years combating phreaks and hackers. Now, with Proulx's cooperation, he was aiming to take down Stuart Rosoff and the Wrecking Crew — and he wanted Weigman's help.

Lynd explained that Rosoff, Roberson and other party-liners were being investigated in a swatting conspiracy. Because Weigman was a minor, however, he would not be charged -- as long as he cooperated with the authorities. Realizing that this was a chance to turn his life around, Weigman confessed his role in the phone assaults.

Weigman's auditory skills had always been central to his exploits, the means by which he manipulated the phone system. Now he gave Lynd a first-hand display of his powers. At one point during the visit, Lynd's cellphone rang. "I can't talk to you right now," the agent told the caller. "I'm out doing something." When he hung up, Weigman turned to him from across the room. "Oh," the kid asked, "is that Billy Smith from Verizon?"

Lynd was stunned. William Smith was a fraud investigator with Verizon who had been working with him on the swatting case. Weigman not only knew all about the man and his role in the investigation, but he had identified Smith simply by hearing his Southern-accented voice on the cellphone -- a sound which would have been inaudible to anyone else in the room. Weigman then shocked Lynd again, rattling off the names of a host of investigators working for other phone companies. Matt, it turned out, had spent weeks identifying phone-company employees, gaining their trust and obtaining confidential information about the FBI investigation against him. Even the phone account in his house, he revealed to Lynd, had been opened under the name of a telephone-company investigator. Lynd had rarely seen anything like it -- even from cyber gangs who tried to hack into systems at the White House and the FBI. "Weigman flabbergasted me," he later testified.

Posted on September 1, 2009 at 6:21 AM • 29 Comments

Comments

HarrySeptember 1, 2009 7:54 AM

Read the whole article. By accident or design, Bruce's excerpt is the most sympathetic part of the article.

ZithSeptember 1, 2009 8:38 AM

I didn't read it as sympathetic. Neutral, perhaps, but just from this he obviously played a role in setting up the whole thing that I assumed he knew was illegal, then found himself a good route to get out of punishment for it. It's no more sympathetic a tale than stories of once-criminal informants.

BF SkinnerSeptember 1, 2009 10:23 AM

@Harry

I agree with Zith. I don't read Bruce's excerpt so much as sympathetic as fascinated.

And this kid is facinating (a bit on the sociopathic side but then what adolescent from the wrong side of the tracks isn't?)

This kid HEARD the touch tone on a YouTube clip and skulled out Mitt Romney's phone number? Look forward to his recruitment by well funded semi-official collectors of information.

(Why am I thinking about Sneakers?)

wiredogSeptember 1, 2009 11:35 AM

@BF Skinner,
"This kid HEARD the touch tone on a YouTube clip and skulled out Mitt Romney's phone number?"

Back in the mid-90's a woman who worked at a company I was at could listen to a modem sync-ing up and determine what speed it was trying to sync at, what speed it did sync at, and if there were any errors. She could probably map the DTMF tones, too. There're only (AFAIK) 12 of them.

uk visaSeptember 1, 2009 11:35 AM

What a waste of talent... a sad waste of talent... In times past people like him would have been picked up by the intelligence community before he managed to get himself incarcerated for 11 years.

havvokSeptember 1, 2009 11:54 AM

@uk_visa
"In times past people like him would have been picked up by the intelligence community before he managed to get himself incarcerated for 11 years."

With everything that is going on in the intelligence community right now, I think we are reaping the rewards of shuffling those with sociopathic tendancies into organizations with awesome legal superpowers to avoid accountability for the ugly things they do.

RoySeptember 1, 2009 12:19 PM

It isn't hard to imagine 'swatting' to catch on with criminals as a way of hurting their business rivals. Emergency services have no defense against false calls. This vulnerability is inherent in our current system.

BF SkinnerSeptember 1, 2009 12:25 PM

@wiredog I was once sync'd a modem by whistling in the phone at it...ah the heady days of 75 baud.

SWAT must be darn well trained that they haven't gunned anyone down by mistake during these calls.

Harrassment probably not a criminal motivation (professional I'm thinking, not the psychos).

Easier and more certain to fink out a business rival to LEO

Deros68September 1, 2009 12:30 PM

@BF Skinner

"And this kid is facinating (SIC) (a bit on the sociopathic (SIC) side but then what adolescent from the wrong side of the tracks isn't?)"

No excuses - I grew up on the wrong side of tracks (no electricity - no running water) alcoholic father, drafted into the US armed forces and sent to Vietnam. Yet I managed to gain my MS degree and to live a good life with only 4 traffic tickets being my worst offense. See the book by Ezell Ware if you want to read an account of someone who overcame a lot more abuse, poverty and prejudice than I can imagine -yet- he and many others did not commit crimes like these. I am not blind but I do not vision in one eye. I have some sympathy for the kid - but at some point he must redeem himself from his own effort.

StacySeptember 1, 2009 12:49 PM

Ancillary point:

No need to introduce him as being blind: The whole "losing one sense makes the other senses keener" notion is a fallacy.

Bryan FeirSeptember 1, 2009 12:52 PM

@wiredog:

There are 16 DTMF tones, actually, composed from the combination of one each of four high frequencies and four low frequencies. The fourth high frequency (the A, B, C, and D keys) isn't used in normal phones, though it exists in some amateur radio phone patch equipment for repeater control.

I'm both an amateur radio op, and used to work for Bell-Northern Research.

DareverinearsSeptember 1, 2009 2:07 PM

Really, the "keener sense" thing is a fallacy? Is there research that indicates a person with only 4 senses does not more heavily rely on those 4 than a person with all 5 would rely on the same 4? It seems intuitive that the person with fewer senses would develop them more acutely, just like exercising specific muscles develops them. I can't quote academia to support my intuition, but would be interested in opposing research.

The blindness and absent father thing is clearly meant to sow sympathy. The FBI seems to have been kind to him, seemingly a mix of sensitivity to his background and personal challenges, his age, and use as an informant.

Reminded me of this story about the recently indicted hacker with Asberger's Syndrome:
http://www.wired.com/threatlevel/2009/08/...


When Mr. Weigman gets out of jail he'll probably make millions, just like Mitnick (referenced in Ciaran Lyons' Wired post) and Abagnale. I have trouble supporting their fortunes, but their methods are certainly effective and worth understanding.

Doesn't this boil down to the need for better authentication, as usual?

JasonSeptember 1, 2009 3:24 PM

I'm a little confused about the caller ID portion. I know you can fake your "surface" caller id (what would show up on someone else's phone), but I was under the impression that there was no way to fake the internal phone company caller id. Your phone is ultimately hardwired into the network....

RealistSeptember 1, 2009 4:59 PM

@Stacy
"No need to introduce him as being blind: The whole "losing one sense makes the other senses keener" notion is a fallacy.

True, it doesn't make the other sense keener, but it does increase your awareness and reliance on them, and thus your ability to draw on them. What becomes "keener" is one's USE of those other sense.

RealistSeptember 1, 2009 5:04 PM

@BF Skinner
"This kid HEARD the touch tone on a YouTube clip and skulled out Mitt Romney's phone number?"

Don't get overly impressed by something that is not really that hard or uncommon.

It's not like such a talent is uncommon. Plenty of musicians have the same capabilities -- think of people who can play a tune after hearing it only once. And its not as if touch tone codes are that hard to determine.

CareySeptember 1, 2009 6:44 PM

Jason: You can’t change your real caller information with normal equipment. It sounds like he had gained direct control of (some of?) the phone network via security flaws and social engineering, though.

RyanSeptember 2, 2009 4:40 AM

The article mentions FBI agent Allyn Lynd several times. He is also the agent behind the recent raids on data centers in Texas, which took possession of several companies' colocated servers. He probably bankrupted a few innocents in the quest to take down the scammers he was after. See http://www.wired.com/threatlevel/2009/04/...

It makes me sad to think about how much collateral damage there is in modern law enforcement.

BF SkinnerSeptember 2, 2009 6:35 AM

@Ryan - 'Probably' ?

Even if true isn't that what the colo's liability insurance is for? Or didn't the companies affected have contingency plans.

@Deros68 - Good on you.
The point of this article was that all these element's produced someone willing to use their skill and knowledge to satisfy their pique and frustration.
The kid sees himself as victim. Worms turning are a heart warming tale everyone loves. Right? He had a break, a humongous break. The FBI is not usually so lenient. He passed on it.

Power and a grudge; not a good combination.

We tend to spend little of our time in risk management reducing the threat variable. By incarcerating this one the threat is on ice; for a time.
Our prisons are crime universities whose students have nothing to do but swap scams. They know there is power in information networks if only they can crack it. We've done a favor for the criminal class by putting this broken tool into their world for lenghty indoctrination. What are the odds that a long stretch is going to show him the error of his ways. I think it is more likely to reinforce his self image as victim. He's ripe for recruitment.


@Realist - Can you do it? How many musicians can hear the other side of a cell phone conversation and recognize the voice from across the room? With all the video collecting on the net there is likely to be much harvestable material.

MisterfixitSeptember 2, 2009 7:09 AM

He'll be on early release and working full time a "S" Group, NSA. He'll have a LOT of phone lines to work with there. Lucky Boy.

Jonadab the Unsightly OneSeptember 2, 2009 7:46 AM

> Had the kid actually managed [to gain control
> of phone company switching equipment], I'm
> sure the piece would mention it

It does. Go back and read the article.

I don't recall whether it ever uses the word "switch" or the phrase "routing equipment", but it does say, repeatedly, that he gained control of phone company equipment or their "network". It even tells you (in general terms) how he did it: not by hardware hacking, but rather by social engineering, in conjunction with mimicking voices of phone company personnel.

> in sufficient detail

Granted, there's not much technical detail, but I am pretty sure that's because the piece was written by and for the laity.

And I think that's also why they said he spoofed "Caller ID", because that's something regular people are familiar with. And if you don't know the implementation details, the caller-identification technology that he presumably manipulated is conceptually very similar to Caller ID. The article's target audience (regular people) don't know that Caller ID is easily spoofed, or that 911 uses a different and much older identification technology.

Andrew DuffinSeptember 2, 2009 10:37 AM

The boy's abilities are remarkable, but not unprecedented.

When I was younger I could tell my father which jacket pocket his car keys were in just by giving it a shake - the jingling noise was quite distinctive, I found.

More recently, I used to dumbfound my colleagues by telling them the approximate temperature of water by pouring it onto a tiled floor and listening to the noise: higher temperature lowers the viscosity, and hot water makes quite a different sound to cold water - if your ears are good enough.

JWalkerSeptember 2, 2009 12:59 PM

@RonK

He was granted immunity while he was a minor. Once he became an adult and continued to break the law, they had to prosecute him. It wasnt the "man" breaking the deal, it was Weigman.

BF SkinneSeptember 3, 2009 6:33 AM

@JWalker "they had to prosecute him"

While I concur it was Weigman who screwed up and continued to commit felonies they didn't _have_ to prosecute him. Lots of crime brought to law enforcement are at the discretion of a range of people from the LEO to the prosecutor to the courts.

I would have prosecuted. A villian shows up at your house, where your family lives, with two buddies. That's a not subtle threat. He changed the threat dynamic and made controlling him a greater priority.

I still find it odd the FBIees didn't try co-opting him. There was an unsupported reference here to "he'll probably make millions, just like Mitnick ...and Abagnale".

Neither are making millions. And Abagnale was under direct FBI supervision and control for decades before they felt they could trust him as a collaborator rather than just use him as a convienent asset.

If Weigman would take the time in stir to study Farsi and the dialects of Arabic he might someday become useful.

AlexSeptember 8, 2009 8:46 AM

My grandfather was a valve-era radio technician, and the City & Guilds examination of 1949 included a practical test in which he had to diagnose a deliberately faulted radio by ear, in an exam hall full of other people with other radios doing the same thing...

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..