In the context of the article, I will attempt to provide a comprehensive account the events of October 1995 as well as the context in which these events took place. To a large degree, the validity of my account will be extremely hard to verify, due to the environment in which the events took place. In order to provide a means by which at least a partial verification becomes possible, I will provide a maximum number of names, and interrelationships. In spite of this, the account may well raise more questions than answers. Not in the last place due to the complexity of the issues and the fact that a lot of what is described here took place in the rather shadowy world of the intelligence community of which I was only a very small part. The objective for writing it in the first place is to provide a maximum of information to those affected by the course of events. Another objective pertains to my intention to initiate legal procedures against both the Department of State and the CIA in which case this article constitutes of an appeal to patriotic lawyers to consider picking up on my case. The account you are about to read is the truth as I experienced it during the period of my affiliation with the American intelligence community. Moreover it constitutes of an inside account of how certain people representing the Country overseas abuse the trust place in them by the people financing their activities with their hard earned tax money.

How I got involved with the CIA in the first place? In order to answer this we will have to go back to 1984 when I was working as a programmer in Jakarta Indonesia. During that period I was working, on contract basis, for USAID which in turn was sponsoring a large Data Base project for the Indonesian Ministry of Agriculture. The contract was awarded to Dasaad Data Systems, an Indonesian Software House. The American Person responsible for awarding those contracts was a guy called Dan Peterson, who himself was acting as Systems Manager at Pusdatik. It was Peterson who invited me to get involved with the project. During the bidding period he brought me in contact with Isaac (Ike) Dasaad and arranged that I would be included in the programming staff. The condition was that if Ike would agree to have one of Peterson's people on board (me in this case) the contract would be his. Although this was most certainly not in accordance to regular procedures Dan figured that given bad prior experience with Indonesian contractors it would be desirable to get some inside control.

After Dasaad had obtained the contract it became clear that there was a working relationship, between Dan and Ike, in which the objective was to divert some of the Development Funds to their own pockets. One of the reasons to get me on board was the consideration that I would be able to get Ike into some Dutch contracts.

During that same period, I got in contact with some people within the Indonesian Military Forces amongst whom was the than retired General Untung, who at some stage gave me a report on Dasaad relating to his involvement in a multitude of corruption affairs. During the months following this conversation, it became obvious that large sums of money were indeed diverted from the project. Shortly thereafter, proposals were made to participate in their corruption scheme.

Given the information I had obtained from Untung and the fact that there were concrete proposals, I issued a report to Mr. Clark who at that time headed the USAID mission Jakarta. The result of this contact was that an investigative team was flown in from Manilla. This team consisted of an accountant and a field agent who went by the name of Vino.

After some discussions, it was decided that I would stay inside of Dasaad Data Systems for as long as it was save in order to collect as much as possible evidence. The main concern at that time was that Ike might well be aware of my contact with General Untung and given Dasaad's record of accomplishment I easily could get into some serious danger. It is well known that in Jakarta some things come real cheap. As however at that time an affiliation existed with an important General within Kopkamtib, something Ike very well knew, I felt it unlikely that Dasaad would burn his fingers on me.

The end of the story was that Dan Peterson was declared persona non grata and expelled to the US while Dasaad lost the contract. Given that it was no longer save nor useful to hang out in Indonesia, I went to the Netherlands where I was assigned to the American Embassy.

During the first three years of my employment with the State Department, most of my activities centered on bringing the Embassy Computer Center up to scratch. During the period before my arrival, it had deteriorated into a total mess. Although I was hired as a programmer/annalist a lot of time was spend on operations. It took Stefan Galewicz, the Operations Manager and myself about three years to transform it into something which worked. At the end of that period things became real boring especially as with the arrival of Mr. Lutkosky, the Systems Manager, the whole thing went into a virtual stasis. One of the main reasons for this was that, after having established a platform to work from, Mr. Galewicz somehow decided for himself that further progress would be undesirable. This is not to say that no work was done anymore but the objectives became more of the same rather than innovation.

The result was that I began intensifying my contacts with Mission Plans and Programs and in particular Mr. Sierra who at that time was the CIA station chief. Given that I had been active in Indonesia and that clearly, I was not very satisfied with my work at the State Department he was wondering whether I could not do some work on the side for him. In return, I could get some protection in an upcoming conflict with the Admin Department.

Unfortunately, Sierra soon after got into some problems relating to a case, which went sour. As he was working on a project involving, a Utrecht based Filipino opposition group. The attempt was made to buy a Filipino citizen (a passport) in order to get on inside of it. The Dutch authorities had become aware of the scheme and a little outcry was the result, some questions in the Second Chamber. At any rate, the position of Sierra had become somewhat difficult and soon after he was reassigned elsewhere.

Personally, I had no involvement in this case other than that I had shared some information with him regarding opposition groups in Indonesia and the Philippines, information that I had obtained during my stay in Indonesia.

After his reassignment, Mr. Parker became the new station chief and soon after he contacted me referring to the Sierra proposal. There were two areas of concern in which he felt that we could cooperate. First there was the issue of the Defense System Penetrations and second there was the issue of a computer crime law, which at that time was under development in the Netherlands. Initially he main objective was to get as much as possible information on what this law would be all about and in how far it would correspond to demands made by the US Government.

Soon after the emphasis shifted to possibilities to get inside the DDU. In the context of the Defense issue, he told me about the attempted sale of Missile and troop disposition related information to Iraqi intelligence. A number of name's/aliases were mentioned. Rop Gonggrijp, Marcel Katz, RGB, Mici, Nonsenso and possibly The Saint/Prowler as the hackers involved in the operation. Earlier attempts to get Gonggrijp and Katz extradited to the US for involvement in hacking and espionage had failed largely due to Dutch obstruction. As far as his information went, the attempted sale was conducted via a German citizen by the name of Hordik.

During that period Parker himself had accounts at Utopia and Comsat and was slowly working himself in. In his view, it would be best if I would focus on Comsat as once I would have obtained shell access there the gates were open to get accounts elsewhere. At first Parker decided that the State Department would not receive any information about my activities for the CIA, as this potentially could have lead to an internal conflict. The relationship between State and MPP was already at a low due to the Sierra debacle.

At the very beginning of the project however Parker became aware of a serious problem. During a visit at Mr. Gewecke's house, the Deputy Chief of Mission, it expired that Tom was roaming around on a number of BBS's among which Utopia, Comsat, and Operation Hackerstorm. Luckily, he was using an alias but Parker felt that if somebody would find out about his identity, the shit would hit the fan. The idea that while the CIA was running an operation against a number of hackers in the Netherlands without having consulted with the Dutch, the Deputy Chief of Mission would be detected being active in the same area's was not really attractive. Result was that Parker informed Tom about

The fact that the CIA had targeted at least two of those boards and that he had recruited me to infiltrate the hacktic domain. Moreover, that it would be hard to explain that the second highest official of the American Embassy was hanging out on hacker boards asking all kinds of questions. The unexpected effect was that Tom supported my involvement with Bill, and even went so far to order the Regional Security Office to close their eyes for alternate use of State computer equipment in the context of this project. Ironic is that when in 1995 a similar project went to pot Gaines, the Regional Security Officer at that time, loudly complained about the use of exactly that equipment. From that time on I began spending at least 50% of my time with Bill, both from my home as from the office. The information I obtained regarding the nature of the hacking operations, during that period, originated from Parker. Supposedly, Parker had a contact within the BVD who he informed about the infiltration thing.

Initially my role consisted of downloading tons of data and copies of public statements for translation and deliverance to Parker. In the mean while I the approach chosen was to pose as a newbie who didn't really know Jack Shit about computers and Unix in particular. Ask as many as possible questions while faking a specific goal. The main angle was that I was looking for ways and means to get into Peabody Coal Mining Corp computers in order to extract information about their activities at Black Mesa. I approached the issue using two identities, first as myself and second in the form of a female alter ego taking enormous risks in order to get at relevant information. Lately there have been some accusations made by Mr. Rodriguez (former Nonsenso) to the effect that during that period I would have incited people to engage in illegal activities. Nothing could be further from the truth hacking was legal in the Netherlands at the time. It is funny that this is a point he himself likes to make. Second, even though I had some offers by people who would have been willing to do the job for me (actually for one of my alter ego's), I emphatically stressed that I could have nobody taking risks on my behalf.

As time went by, we discovered that the use of alter egos was highly rewarding however at the same time highly complex. Especially as spawning four or five often mutually conflicting personalities required considerable efforts in order to avoid overlaps. We spend some serious time exercising the interaction between different personalities. In a sense we did use some Scientology like methods to achieve this however enhanced by the application of a brain-machine and binaural recordings. There were two areas in which such methods were applied: 1) Memory Enhancement 2) study and induction of multiple roles. In respect to Memory Enhancement, it would be more accurate to describe it as regressive hypnosis applied to debriefing. The induction process functioned along the lines of protracted sessions in which initially a single alter ego was mocked up and his/her history, language use and various characteristics defined. Subsequently aspects of the defined entity were reinforced by means of the application of bin-aural recordings interspersed with suggestions such as for example I Xora hates cops. Subsequently other entities were defined and reinforced using the same methodology. Finally, the various entities were engaged in interaction. This process had two basic stage's first series of questions were fired of to individual entities in random order in which the responses were evaluated against the definition of the entity addressed. In a second stage, each individual entity was brought in discussion/conflict which each other entity of which each reaction was individually evaluated. Later I would come to call this Controlled Induced Multi Personality Syndrome. Question is who was in control, as at that time I would consider myself in full control of both each step of the process as well as the underlying objectives. According to my wife however, who noticed rather serious changes in my attitudes, I was by no means in control of what was going on. Until today, I cannot really determine whether one or the other is true. All I can say about it is that in my recollection there was nothing which I did not experience without my consent and in the context of my own objective to enhance my ability to take on role's.

Interesting is that even today a number of people on a.r.s. are detecting considerable differences in the styling of my postings, even to the extent that theories are circulating in which it is suggested that at least some of my postings were written by a ghostwriter. I can assure you that at no instance did I have anybody else writing my postings for me.

Returning to the main line of the article, while we found that the application of multiple personalities was a highly rewarding method it became clear that it would be desirable to institute an own BBS within the Hacktic domain. The main advantages were that it would be a virtual breeding ground for faked personalities while at the same time it was easy to enhance control. System logs could be manipulated such that it became possible to fake my own absence, change local logins to remote etc. While the newbie approach had worked fine so far, we knew that at some stage a further step would have to be made. Either one looses ones credibility or one turns to actual hacking in order to proof something to the crowds. Clearly engaging in such activities and especially when involving penetration US based systems potentially could cause a heap of problems. Whereas in the Netherlands there was no law which could stop the hacking problem in the States it was clearly illegal. In the Netherlands, there would be a problem; it surely would look bad if caught in the act. The solution was to profile myself by means of politicizing the issue of hacking. As rather early on we had one of the users of Utopia identified as a CRI agent, it seemed a good approach to single him out for extensive ideological conflict. This became even better when he publicly identified himself as being a CRI officer in charge of computer crime. Mr. Onderwater at that time was doing his utmost to convince people to take their responsibility and measure the consequences of hacking activities after the new law would have gone in effect. I must say that the manner in which he operated in public deserved respect and clearly was inspired by honest concern for many often very young people who were attracted to the hacking scene. Contrary to what people like Felipe Rodriguez and Rop Gonggrijp tend to claim much of that attraction resulted from publications in Hacktic Magazine.

The choice we had made for political activism seemed to work pretty well and as it dragged on both a number of my own alter egos as well as other individuals from within MPP became involved in firing things up. One major advantage was that it allowed Newkid to become strongly aligned with what I would call the purists. This became even more interesting after the arrest of a guy who called himself RGB. The arrest itself was for a minor break-in; it did make him one of the law's first "victims". Interesting in this context is that RGB was in fact one of the people who were under investigation for the defense issue. After his arrest, a massive support campaign was initiated in which he was portrayed as the victim of nasty and overzealous law enforcement officers. Of course, Hacktic Foundation of which RGB has been a longstanding member declared its solidarity with the poor slob. Not long after his release however this would turn out to be nothing more than words originating from Mr. Rodriguez and to a degree from Gonggrijp. What had happened was that the former Hacktic crew founded XS4ALL and was undergoing a metamorphosis from radical Hackers to decent IP's. The result was that it seemed opportune to refuse RGB an account on XS4ALL. This caused a rift in the Dutch Hacking Scene, which became an ideal fishing ground for people like myself. It was in the context of this conflict that we managed to get Marcel Katz to spill his guts about the Defense Systems attack. Given that at time he was real scared to become the target of some American kidnapping operation he was desperately looking for way's and means to protect himself. It became clear that he and some of the other did indeed penetrate those systems and had been able to get to interesting information. However, at the same time it also became apparent that it was highly unlikely that he ever been involved in the actual attempt to market the information to the Iraqi.

Parker would consistently point at Rop Gonggrijp as 1) a hacker active in the attacks on defense systems 2) a radical who was instrumental in the subsequent attempted sale. Interesting is that Eugene Shultz, who at the time, did a lot of the tracing and was able to identify a number of the hackers involved, told me that the name Gonggrijp was consistently being brought up by the three letter people. During Eugene's, own investigations he never identified Gonggrijp as being active as a hacker in the attacks in question. From ongoing talks with Mr. Shultz, it becomes obvious that apart of tribal wars between different agencies involved it seems that it was the CIA who was out to get Gonggrijp implicated in the affair. From my own contacts in the scene Rop nevertheless did play a role and did obtain logs and copies of files obtained. As in the case of Katz, it seems obvious that he was by no means politically motivated. As I have said on earlier occasions Katz was what I would call a pure hacker who was motivated by the challenge.

Given that Gonggrijp was not one of the people traced and identified, it seems irrational that both Eugene and me were pointed at him. In fact, Mr. Shultz told me that he was feeling bad about bringing is name up. From what I have learned during the infiltration period and from information supplied by Mr. Parker the explanation is that Gonggrijp was well positioned to play an intermediate role in the establishment of contact with Iraqi intelligence. As I pointed out earlier and as it was observed in the so-called Svenson posting Rop can be classified as political radical leftwing and maintained extensive contacts in a variety of radical organizations including RaRa. As I hinted at somewhat earlier in this article the actual contact with the Iraqi's was made by a German national by the name of Hordik. There is no direct link between people like Marcel Katz and this Hordik however within Gonggrijps environment such links did exist. Identifying the exact lines of interaction is hard for me to do, as Parker would share some information but not all. Information was supplied on a need to know basis mostly in the form of "try to find information on this or that individual for this or that reason." What however can be said is that Joost Flint, who currently is the coordinator of dds.dds.nl , and a close associate of Gonggrijp does qualify as a chain in the link to Hordik. Joost is a former member of Onkruit a fanatic anti-militaristic action group. Onkruit, which in turn was the breeding ground for RaRa, was involved in break-ins into military installations with the objective to cause damage, stealing weapons and collecting information for subsequent publication. Joost Flint was one of the people who did pretty much fit the profile to be involved in the theft of missile related data with the objective to forward it to the Iraqi Government. Not so much for the money or out love for Saddam but plain and simple to damage the military establishment. In his response to the Svenson posting Gonggrijp pointed out that given his age he could not possibly have been involved in some of the groups and actions mentioned in the posting. I tend to agree with him that in the context of the Svenson posting some degree of overkill was applied in order to demonize him. Nevertheless, much of the connections described are accurate and verified.

On the subject of the Svenson posting, it has been said that I was the author of it and probably wrote it in an attempt to Dead Agent Gonggrijp and thereby indirectly XS4ALL. The original posting was made by Carl Svenson (he-manny@dds.hacktic.nl) on November 4 95. This was about a month after I was dismissed by the Embassy in relation with a sting, which went foul (more about that later in this article). Svenson claimed that he posted this message on behalf of a friend of his. Although I most certainly could have written that particular article, I was by no means involved in it. However, from the information we collected at the time, I have to conclude that it was at largely accurate. There are a number of aspects are missing in particular the links into Germany and Hordik. Question remains who was the actual author of it and why it was written in the first place. To an extend I would agree with Mr. Rodriguez that given the period in which it was published there would be a link to Scientology and in particular Frank Marshal. At the time of publication, Marshal had received at least some background information on the real objectives of the sting. It may well have been that he or others within OSA may have found it opportune to apply it in the context of a DA attempt against XS4ALL.

My apologies to the reader for overtaking myself but please bear with me for a moment until some of the names and events are placed into context. For now it suffices to note that there is a clear trajectory from the actual hacking team (Katz, Mici, RGB and a few others) to Gonggrijp a from there via people like Flint to Hordik and into Iraq. I am well aware that there are still holes and that the actual route may be slightly different but essentially it covers it. In addition, it does explain the emphasis placed by the CIA on Rop Gonggrijp in spite of the fact that most likely he was not part of the actual hacking team.

Recently there have been a number of discussions relating to the expressed irritation on Eugene's part with the numerous factual errors and misquotations in a BBC documentary relating to the subject matter. Some took the opportunity to dismiss the whole issue based on the assumption that if there were errors in the documentary it would be fair to say that there was no issue at all. In fact some even launched theories in which it was assumed that I or a sinister group of people I would be affiliated with somehow pressured the BBC in setting a stage for some of my assertions. Although it is somewhat flattering to be considered of such importance that the BBC would hurry to accommodate, it is needless to stress that this is a ludicrous thought. After having been in contact with Gene it became clear that indeed in a number of instances the documentary was severely flawed, much to his own disappointment considering the good reputation the BBC enjoys in relation to the quality of it's documentaries. Nevertheless the assertion that in fact nothing bad has happened is most certainly not his. At a great number of instances, effective traces were made leading to a group of identified Dutch Hackers. In many instances his work was hindered by tribal wars among the different agencies involved, something which in itself doesn't come as a great surprise to me. It may not be completely new to many that when more than one Government agency feels in charge of a particular case each for itself will strive to achieve dominance. A serious problem, at least to the people I was working for, was posed by law enforcement which would be totally focused on arresting one or the other individual forgetting about the overall picture. Another aspect was that in a number of agencies there was no clear understanding of the nature of computer crime. To a large degree, the mutual conflicts among the agencies may well have contributed to the fact that no successful action ever been taken against the people who were identified.

To illustrate the problem, at a particular stage it was arranged that Marcel Katz would have gotten the opportunity to take a job in Florida. The objective was to lure him into accepting it in order to get him on US soil were he could have been arrested. However, what happened was that he was warned off as the result of a fuck up at CERT. Lack of coordination, incompetence, and mutual obstruction were the order of the day. Looking at the 95 events this seems symptomatic for the interaction, or much more the lack of it, among different agencies.

Nevertheless judging from an initial comparison of notes the resulting picture is pretty much the same as far as names and situations are concerned. Also in regards to the attempted sale the information we had obtained was identical and most likely originated from similar sources. Interesting was that we seem to feel the same kind of frustration with the manner in which the whole thing seemed to have vanished into nothingness.

Returning to the early nineties and the establishment of an own BBS, which had become a neat information-collecting device, a problem arose when Mr. Onderwater of the CRI was becoming overly interested in the activities of Newkid. At some stage, it became apparent that my BBS was bugged and Onderwater had become privy to some of the discussions between me and one of my users. Interestingly it was Onderwater himself, who provided the first indications. This was shortly after I had invited him to get an account on Stycx, Prowler and myself were kind of jokingly discussing reading the guy's mail and keeping a good eye on which newsgroups he would join. Somehow, he felt compelled to use this discussion in one of his postings in which he practically transcribed it. Soon after Mr. Parker had it confirmed that indeed there was a bug on my line.

It would not be the first time that Onderwater was transparent during the endless exchanges between him, Newkid, Mona, Todd and several of other. In February/March of 93 both his theories and tactics were known, largely to his inability to not give himself away in the course of discussions. Among some highly commendable aspects of his character, Harry had some clear weaknesses, which by the way are common among Law Enforcement People, one of, which was the need to proof his superiority by sending half-intentional signals. A very nice example was when in the course of an ongoing discussion he had to show me that he had me figured out. In a real stroke of genius, he constructed a context in which he could hide the message "You are a CIA operative" in the hope that somehow I would be impressed by it.

Harry Onderwater: "...Damage is not only measured by loss of data or time invested. Damage is also the loss off confidentiality, integrity or availability (Yes, I know that the abbriviation is CIA but these are the official terms used in auditing) J ...."

After a short evaluation, we decided that it was highly likely that indeed he was sending a message. If it were indeed a message than responding to it would probably be received as some form of acknowledgement of reception. The responds drafted such that if he did send an intentional signal we understood it, but also a hidden invitation to clarify him self along the lines of how-in-the-hell-do-you-know.

My answer: "Seems these three letters appear in virtually any context..."

As we knew that my line was tapped and it had to be assumed that this was not so much because he thought that I was real nasty hacker who at any time could slip in to maybe even his own system. We shifted the emphasis towards privacy issues in the context of eavesdropping. Some questions, in that direction, were included into the responds. A few hours later we issued a posting in which we probed his views on infiltration.

Two day's later a somewhat nervous responds was received from Onderwater in hacktic.heibel, in which he clearly asked for time while answering to two rather general questions in a very formal manner. Two aspects however were interesting, first he felt a clear need to expand the discussion over a larger group of participants and second that he was in conflict with the legalities of a possible cooperation. Crowding the discussion with the introduction of new and more participants made perfect sense, the more trees the less visible forest. In order to more clearly illustrate the process I will include relevant parts of the than ongoing discussion.

Harry Onderwater: "The value of information in Court always depends on the way it was obtained. If it's legal by law to get it a certain way and there is an official permission given by a judge to obtain it that way, than there is no restriction on that evidence. But as you can read in the law, judges can only give permission for methods that are legal by law...."

At that, stage in the ballgame there was a frantic message exchange between Parker and me as if just if some form of pact could be hammered out. In which Newkid could act as a go between in an informal link between the CRI and the CIA. New and highly rewarding roads could potentially open. Also from our side, there also was a definite need for a little time to improve our profile on Onderwater. This was done along a double track in which an explicit offer was made while on another track Harry became, let's say a study object, for some other people.

Newkid: "...The question however remains in how far and under which circumstances eavesdropping or hacking would constitute a legal method of evidence acquisition in the sense of it's applicability of such evidence in a court of law. From your statement I have to extract that the method applied has to be legal (this would exclude torture) and there must be an authorization by a judge, for example a search warrant or an explicite authorization for the use of eavesdropping techniques. As eavesdropping has an considerable effect on the privacy of the target, I have to assume that such authorization requires that :

There is more than just a hunch That the possible crime committed exceeds a certain level of severity. My question than is too which extend can this method be applied on the digital underground and under which set of circumstances. Is for example the assumption that on BBS X some people may possibly exchange relevant information relating to ongoing hacking/phreaking projects, sufficient to get such authorization. Or should there be more than that..."

In order to accommodate Harry in his desire for crowding while realizing that part of the crowd would have to consist of at least some of his peers. From our side we decided to increase our own presence while in conjunction getting some heavy artillery in place (Mona van de Story, who by that time was pounding Harry in another context). No way Harry still ain't gonna give her away, she was too sweet for that.

Within a very short time, the discussion was expanded, first by a guy called Joepa hooked in on a sub discussion focussing on overcurious sysops. The subject was modeled around Stefan Galewicz who kicked in a very sickly way on snooping in people's private e-mail. Much as if e-mail was something of a peepshow for mentally disturbed sysops. In addition, however he opened a new line by stating "Remember not only Big Brother is watching you. There are other players in the game, too".

[Continued in Part 2]