Breaking and Entering

Jeremy N. Smith


Tall and tan and young and lovely . . .

It’s Saturday night at Bally’s Las Vegas and I follow a woman in black leather — jacket, skirt, boots — down the center of the casino floor. Her hair — also black — is twisted atop her head and held in place with chopsticks. She has on red lipstick and knee-high red polka-dot socks. A portable speaker clipped to her purse plays “The Girl from Ipanema.”

The woman — thirty-three years old? thirty-four? — passes tables for blackjack, three-card poker, and craps. Players turn from their chips to the source of the music. Several smile, entreating her to join them, but she continues through a thicket of ringing, whirring slot machines, emerging again in front of the casino elevators.

There’s a long line here, perhaps two hundred people, stretching to the end of the hallway and around a corner. Almost everyone is trying to get to the pool party a floor below or to the dozen other parties in Bally’s Skyview rooms twenty-five floors above. Making sure no one cuts are two huge bouncers with crossed arms and dark red badges that say goon.

The woman does not join the line. She smiles at the bouncers. The bouncers do not smile at her. They do recognize her, however.

The woman is a hacker. The bouncers are also hackers. And so are the two hundred people in line, and the several thousand already partying above or below.

In fact, there are close to twenty thousand hackers in Vegas this weekend.

“Access approved,” the bouncers say to the woman. They part — special treatment — and the woman passes between them: first in line.

The next elevator is hers alone.

Or ours. “I’m with her,” I tell the bouncers, and squeeze through before they can stop me.

A door opens and the woman and I step in together. “This is crazy,” I say.

“Is it always this crowded?”

The woman rolls her eyes, seemingly put off that of all the questions I could ask right now, I choose this one.

As it turns out, for the next year my life will largely become a series of such strange questions and the even stranger answers she provides.


Of all the ways I might have expected to start hanging out with a hacker, perhaps the last was an impromptu playdate for my daughter.

Alien recognized me first. We had met briefly, fifteen years earlier, when I was a senior at Harvard and she was a sophomore at MIT. By chance, we ran into each other again one fall afternoon. Each of us was out with our preschool-age daughter. Amazing — great to see you again! And the girls liked each other. Can we play together? they asked. Please?

We agreed. Our daughters cheered — and then ran off to a set of swings. We chatted casually for a few minutes. Then I asked Alien — not that this was the name I knew her by — what she was working on these days.

“Well . . . ,” she said. “Tomorrow morning, I have to break into a bank.”

My old acquaintance, I learned, was a professional hacker — or, as she put it to corporate clients, “a penetration tester and digital forensics specialist.” When institutions or individuals needed to test their security, either physical or virtual, she and her team were guns for hire. And if you’d already been breached, they’d identify what had been stolen, how, and by whom — plus recover any lost information and try to ensure that the problem wouldn’t happen again.

Even with frequent media coverage, hacking is actually dramatically underreported, Alien told me. Only a small fraction of discovered hacks are disclosed to the public. And most hacks are never discovered in the first place.

She knew because, time and again, she or her close associates had either done the hacking or cleaned up after someone else had.

I liked talking to Alien and she liked talking to me. Further conversations (and playdates) led to increasingly revealing accounts, including, at my request, stories about her personal and professional experiences with hospitals and law firms, airlines and art museums, police departments and the Pentagon. She also talked about finding community, fighting assholes, falling in love, and forming a mature adult life within the larger hacker world — topics completely missing in most accounts of hacker culture.

Some hackers have a well-deserved reputation for bragging, exaggeration, obfuscation, and outright lies. Alien, however, seemed modest by nature — earnest, soft-spoken, and reserved. (I had yet to encounter her as the leather-clad woman who parted the Red Sea of bouncers in Vegas.) Before becoming a writer, I’d logged time as a computer programmer, and I had enough early hacking experiences of my own to follow the outlines of her radically more sophisticated — and perilous — exploits. Every detail I could verify checked out.

One Sunday afternoon, when I was in town again where she lived, I asked Alien if I could meet her at her office. “Pretend I’m a potential client,” I said. “Give me the big picture.”

Alien agreed. “Here’s what you probably know,” she told me from across a conference table. “Hackers can break into your computer and cell phones, your company network or the network of anyone you do business with. They can read your email and texts, steal your business plans and credit card numbers, or take over your online identity in order to hack someone else.”

I nodded, shifted uncomfortably in my seat, and turned off my phone.

“Here’s what you probably don’t know,” she continued. “Only about thirty percent of hacks target a specific individual or institution. Some seventy percent are opportunistic — hackers trying to break into anything they can, and pursuing opportunities behind any open door. If your information is valuable to you, it’s valuable to someone else. No one is too ‘boring’ to be hacked, and everything has a price on the hacker black market.”

I tried to seem savvy and unfazed. In reality, I wanted to go home and turn off everything.

Not so fast. “Physical access is almost as easy,” Alien said. Someone with skills like hers could enter my home or my hotel room, my office or my safe. She could copy ID cards, impersonate customers or employees, tap directly into phone lines or data centers, and uncover surprising secrets from my trash.

I’m moving to a farm, I told myself. I’m going off grid. I’m bringing my family. And I’m buying a shredder.

At this point the formal presentation started. For an hour, Alien walked me through examples of hack after hack. The health insurer Anthem. Retailers Target and Home Depot. Even security companies like encryption pioneer RSA and defense stalwart Lockheed Martin. The more I learned, the more I was surprised — and alarmed — by how pervasive hacking was and how diverse its forms and targets could be.

It was a story I wanted to share with others.

“Hacking today is a profession,” Alien concluded. “There are well-organized cybercriminals, loose confederations of defenders, and governments and businesses often more motivated to maintain the status quo than to safeguard individuals.”

“Who are you?” I asked. “A good guy or a bad guy?”

Alien shrugged. “That depends on who you are.” At this very moment, she was willing to wager, there were hackers just like her, sitting in a room a lot like this one, only in China or Russia, Israel or Nigeria, England or elsewhere in the United States. “They’re the bad guys to me. I’m the bad guy to them.”

I closed my eyes and tried to remember the quiet eighteen-year-old woman I’d met half a lifetime ago. How did she become this . . . badass? And, given that her career spans the entire twenty-first-century history of hacking, what could she teach me about the evolution of a tiny subculture to an ever more powerful industry, both illicit and legitimate, touching all of us today?

I asked Alien to turn off the PowerPoint. “I want to buy you a drink,” I said. “And I want you to tell me your story. But this time, I want you to start at the beginning.”

Breaking and Entering Jeremy N. Smith