Triumph of a Hacker Sleuth

By Philip Elmer-DeWitt.

Peggy Leppik will never forget the day in 1983 when she opened the front door of her house in suburban Golden Valley, Minn., and found three Minneapolis police detectives waiting outside. Someone with a home computer and modem had tapped into the computer of a Minneapolis bank by telephone, and police had traced the calls to her 14-year-old son Peter. "My heart stopped," she says. "But I was confident from the beginning that he hadn't done anything malicious. I have lots of faith and trust in Peter." No charges were filed against Leppik, and his mother's faith was dramatically rewarded last week when his latest exploits brought strangers of another sort to her door: reporters and camera crews eager to learn how the precocious lad, now 15, had become a hacker hero, helping the Minneapolis police in a case against a suspected child molester.

Last month a 37-year-old Minneapolis computer programmer was arrested on charges of sexual misconduct with a 13-year-old boy. In the man's home, police found a Tandy Radio Shack TRS-80 Model III computer and several dozen floppy disks, which they suspected might contain incriminating evidence. The suspect, however, had "locked" his disks with a special software program. Only someone who knew his six-letter password, which he refused to reveal, could read the information they contained.

The police department's resident computer expert, Officer Robert Huber, was not familiar with the Radio Shack computer system, but knew someone who might be: Peter Leppik, whom he had met during the bank escapade and since befriended. After all the unfavorable stories about computer kids, says Huber, "it seemed like an ideal time to have a young person like Peter do something positive for the community."

The police drove Leppik to a nearby Radio Shack store, which had offered the use of one of its machines. It took him less than half an hour to familiarize himself with the TRS-80 disk operating system, the master program that tells a computer how to store and retrieve data. Says Leppik: "I realized right away that there was no way I could get the password by trying to guess it, so I had to find a way around it." After loading the data from an operating system disk (used for such housekeeping chores as making back-up copies of valuable disks) into the computer, he placed a disk belonging to the suspect in one of the machine's disk drives, and a blank disk in the other. He then called up the operating system's menu, which lists on the screen all of the commands the system responds to. One after another, he typed the commands into the computer. When he typed BACKUP, the computer responded by asking for the unknown password. The same thing happened when he typed COPY.

Finally, Leppik tried CONVERT, a program that Radio Shack distributed in 1982 when it introduced a new version of its operating system. It converts files written under the old version to the format used by the new one. But, as Leppik discovered, Radio Shack had neglected to build into CONVERT the password-protection feature. As a result, at the command CONVERT, the computer whirred obediently, picking up the data from the locked disk and transferring it in the new format to a blank disk. From there, Leppik was able to retrieve it and display it on the screen. Only 45 minutes had elapsed from the time he entered the store.

The content of the first suspect disk turned out to be a "diary" containing page after page of sex-related material that included male first names, general locations and descriptions of sex acts written in graphic detail. If the accounts on the disks prove to be fact, not fantasy, police will use them to bring additional charges against their suspect. Leppik, meanwhile, is trying to keep things in perspective and "not get a swelled head." Says he: "I'm still doing the dishes and making my own bed."

With reporting by Marc Hequet/Minneapolis