The 414s: The Teenagers Who Made Congress Notice Hacking

Zusammenfassung

In the summer of 1983, a group of teenagers from Milwaukee, Wisconsin broke into over sixty computer systems, including the Los Alamos National Laboratory and the Memorial Sloan-Kettering Cancer Center. They caused minimal actual damage, stole nothing of value, and were prosecuted under laws that barely covered what they had done. But their story appeared on the cover of Newsweek, prompted emergency congressional hearings, and directly produced the legal framework that would criminalize hacking for the next four decades. The 414s — named after Milwaukee’s area code — were not the first hackers, but they were the first hackers that America noticed.

The Group

The 414s formed around the Milwaukee Area Computer Enthusiasts club in 1982, a loose network of teenagers who shared an interest in personal computers and telecommunications. The core group included Neal Patrick (the oldest, at nineteen, and the one who would become the public face), Tim Winslow, Gerald Wondra, and three others.

Their equipment was ordinary: Apple II and TRS-80 computers, 300-baud modems, and telephone lines. Their technique was simple by later standards — automated dialing through number ranges (war dialing), looking for computers that answered, then attempting default passwords and known vendor backdoors. It worked because the systems of the era were connected to telephone networks with minimal authentication. Many systems used manufacturer default passwords that administrators had never changed. Some had no passwords at all.

The group’s motivation was exploration rather than profit. They were not attempting to steal data, disrupt operations, or cause damage. They wanted to see what was there.

The Systems

Between 1982 and June 1983, the 414s accessed systems across the United States and Canada. The list included:

Los Alamos National Laboratory — the nuclear weapons research facility in New Mexico. The 414s accessed unclassified systems; they did not reach classified networks, which were air-gapped. But “teenagers accessed Los Alamos computers” produced exactly the alarm one might expect.
Memorial Sloan-Kettering Cancer Center in New York — where they accidentally deleted billing records for approximately 200 patients. The deletion was unintentional; recovery cost the hospital time and staff.
Security Pacific National Bank — one of the largest banks in California.
Several other corporate, university, and government systems.

The Sloan-Kettering incident was the most consequential. Patient billing records are not national security, but a hospital discovering that unknown outsiders had modified its computer systems had no way to know what else might have been changed. The question of whether medical records had been altered — and whether that alteration could affect patient care — was genuinely frightening.

The Arrest and Aftermath

The FBI was alerted through a Canadian computer security researcher who had noticed the intrusions. In June 1983, Milwaukee police and FBI agents visited the homes of the group members. The teenagers cooperated fully. Most had no idea they were doing anything seriously illegal.

They were largely correct about the legal situation. In 1983, there was no federal computer crime statute. The only available federal charge was wire fraud — using interstate telephone communications to commit fraud — which required proving fraudulent intent and financial gain that prosecutors could not demonstrate. Wisconsin had no computer crime law. The teenagers ultimately faced minimal legal consequences: most received probation or immunity in exchange for cooperation. One member pleaded guilty to a misdemeanor.

But the political consequences were immediate and large. Neal Patrick testified before the House Subcommittee on Science, Space, and Technology in September 1983. He was nineteen years old. Members of Congress asked him to explain, slowly, how a teenager with a personal computer and a modem could access a nuclear weapons laboratory. Patrick explained, slowly.

The WarGames Coincidence

The 1983 film WarGames — in which a teenager hacks into a military computer and nearly starts World War III — was released in June 1983, the same month the 414s were arrested. The timing was coincidental but politically significant. The film had put the concept of teenage computer intrusion into public consciousness days before real teenage computer intruders appeared on the news. President Reagan saw WarGames and reportedly asked his Joint Chiefs whether such a thing was possible. They came back a week later with a classified briefing. The CFAA’s momentum owed something to Hollywood’s timing.

The Congressional Hearings

When Neal Patrick appeared before the House Subcommittee on Science, Space, and Technology on September 26, 1983, he wore a suit and looked younger than nineteen. Representative Dan Glickman of Kansas opened the session by describing hacking as a threat equivalent to wiretapping. Members of Congress had brought their staff’s TRS-80s to the hearing room to demonstrate their seriousness.

Patrick testified for several hours across two sessions. He explained, at the committee’s request, how the group had used war-dialing — automated sequential dialing through telephone number ranges — to identify computers that answered. He described the default password problem in detail: many systems used vendor-supplied credentials that administrators had never changed, or no passwords at all. He explained how they navigated systems once inside: exploring file structures, reading documentation files, understanding what data was stored and where.

The congressmen were most disturbed by the Los Alamos access. The nuclear weapons laboratory used its computers for unclassified administrative work as well as scientific computation, and its unclassified systems were connected to telephone lines the group had found by dialing. The classified weapons design systems were air-gapped — physically disconnected from outside networks — and the 414s had not come close to them. This distinction did not fully penetrate the political atmosphere.

Representative William Hughes of New Jersey asked Patrick whether someone with his skills could cause real damage if they wanted to. Patrick said yes. Hughes asked whether he personally had wanted to cause damage. Patrick said no. Hughes asked how anyone was supposed to know the difference.

The question went to the heart of what made the 414s’ case politically explosive: the law as written in 1983 could not distinguish between exploration and sabotage because it barely covered either.

The Other Witnesses

Patrick was not the only witness. Gail Thackeray, an Arizona assistant attorney general who had prosecuted computer crimes under state law, testified about the inadequacy of existing federal statutes. Donn Parker, a computer crime researcher at SRI International, provided a taxonomy of computer crime types and their economic impact. The hearing’s record runs to hundreds of pages; Patrick’s testimony was the public spectacle, but the legal arguments that shaped the subsequent legislation came from the prosecutor and the researcher.

The Legislative Consequence

Congressional hearings in September 1983 produced six different competing computer crime bills. The process of reconciling them took two years of committee negotiation between competing visions of how broadly the law should extend and how severe penalties should be.

The result was the Computer Fraud and Abuse Act of 1984 (CFAA), signed by President Reagan in October 1984. The original statute was deliberately narrow: it covered unauthorized access to computers containing classified national security information, financial institution records, or federal government data. Congress was cautious about over-criminalization, and the 1984 version reflected that caution.

The 1986 amendments significantly expanded the law’s reach. Driven partly by the WarGames-inspired anxiety that had never fully dissipated, the 1986 CFAA extended coverage to any computer “used in interstate commerce” — initially interpreted to mean computers involved in financial transactions or communications, eventually interpreted by courts to mean virtually any networked computer. The 1986 amendments also added provisions covering unauthorized access to financial institution computers, theft of information, and the introduction of malicious code.

Subsequent amendments in 1994, 1996, and 2001 (post-9/11) expanded the statute further. The 2001 USA PATRIOT Act amendments added computer damage causing injury to national security or public health and safety to the list of covered offenses and increased maximum sentences. By 2008, first-offense computer intrusion could carry up to ten years in federal prison; repeat offenses up to twenty.

Dead End: The CFAA and the Overcriminalization Problem

The Computer Fraud and Abuse Act, written in response to six teenagers who caused minimal harm, became one of the most criticized statutes in American criminal law.

Its central problem was the vagueness of “unauthorized access.” The CFAA did not define authorization clearly. Federal courts split on whether violating a website’s terms of service — a civil contract issue — constituted unauthorized access for criminal purposes. Under some readings, lying about your age on a social network profile was a federal crime. Researchers who tested systems’ security without explicit permission could face prosecution even if they reported what they found.

Aaron Swartz, the programmer and activist who had helped build RSS and Creative Commons, was charged under the CFAA in 2011 for systematically downloading academic journal articles from the JSTOR database through MIT’s network — downloads he performed without permission but with stated goals of academic access. The charges carried potential sentences of up to 35 years in federal prison and $1 million in fines. JSTOR, the nominal victim, declined to cooperate with the prosecution. Swartz died by suicide in January 2013, at 26, while the charges were pending. His case became the defining illustration of prosecutorial overreach under the CFAA.

The 414s — the case that built the law — were never asked whether the statute they inspired was the one they would have written. Neal Patrick gave occasional interviews in subsequent decades. He became a computer security professional. He expressed regret about the Sloan-Kettering billing deletion and about the alarm their actions caused. He did not express a view on the legal architecture their adventure had produced.