[This article appeared in the Chicago Tribune in early 1981.]

Teen computer whizzes shut off DePaul system

CHICAGO (UPI) - A high school student's prank that sabotaged a university computer has banks and other businesses worried about the security of their own computer systems.

"There's quite a bit of concern," Douglas Ellis, a police investigator, said Tuesday. "If someone of this age has the ability to get into a computer system which an institution feels is relatively secure, that in turn would make other institutions who have compatible systems take a look at that security."

Two youths, both high school computer science students, gained access to the computer at DePaul University by telephone and shut down the entire system. It cost DePaul $22,252 to purge the system and find and correct the security breach.

"These kids are exceptionally bright," Ellis said of Brian Catlin, 17, and a juvenile whose name was not released. "Someone said that it couldn't be done, and they spent approximately a year proving that they could do it. And they did."

The juniors, in their class at Fremd High School in Palatine, were using a computer terminal hooked up to DePaul's computer system by telephone. All they had to do was dial the computer number on the phone.

During the week of September 17, the two high school students "broke into the DePaul University Hewlett Packard 2000 computer system and caused a complete shutdown of the university's computer," Ellis said.

"Once they gained access and were able to log onto the computer, they altered the programs and created their own programs."

Computer courses were shut down, research data could not be retrieved, and student tuition payments and account activities were not picked up in the computer.

The computer was shut down Sept. 17-19. After partial services were restored, authorities said, the culprits threatened to shut down the system again.

Both teenagers were charged with theft of services. Catlin was to appear in Misdemeanor Court Jan 13. His friend, who is now 17 but was 16 at the time, was scheduled to appear in Juvenile Court Friday.

But even more important than the DePaul shutdown, investigators said, was the question of what the computer whizzes would do next.

"What they consider nothing but child's mischief could result into a bigger problem for someone else," said Ellis.

He said the youths could be sentenced to jail terms, but probably will not receive anything more than supervision.


[This is exerpted from an article that ran in The Daily Northwestern in November 1983.]

The inadequate security of one campus computer made headlines in September 1980 at DePaul University in Chicago. The school's registration week was thrown into confusion when two 17-year-old high school students, using home computers connected to phone lines, held the university computer hostage for several days.

The students shut the system down and held control, communicating with DePaul officials via computer. They demanded expensive computer software as ransom.

The youths were tracked down and apprehended, but the siege cost DePaul more than $22,000. It also raises discussion on how colleges can protect themselves against such crime.

Some background information on Fremd and the HP-2000.


High School District 211 co-purchased the HP-2000 with Harper Junior College. The district had 12 dial-up ports, and the college had 12 hard-wired ports. I can't say what the other schools in the district had (Conant, Palatine, Hoffman Estates, Schaumburg), but at Fremd we had the ASR-33, and a Digital Decwriter. I think it was an LS-120, but I could be a little off on the model number.

Aside from the machine at DePaul, the only other HP-2000 we knew about was in a neighboring High School district (District 215, if memory serves). I think we knew about them via the grape vine: friend of a friend, some traded logins, etc. I suspect the two targetted DePaul because it seemed a better target. That, and we already had a stolen account to the District 215 system, and there wasn't anything at all interesting there.

Anytime a vulnerability within the HP2000 was found, it seemed to spread like wildfire throughout the other schools in the district, so the admins at Harper did a pretty good job of keeping the system patched. Other admins weren't quite so proactive. Many of the things we found would either bring the machine to a grinding halt, or would crash it entirely, requiring a very manual restart. DePaul's computer wasn't adequately patched, and that's how the two got the attention of the DePaul admins.

Toward the end of my tenure at Fremd, they started teaching computers a little bit. It was a three or four week segment in one of the math classes. We had an HP card reader, and the students would write their programs on cards, using a #2 pencil instead of card punch. By that time in school, I was a regular fixture in the computer room (which was adjacent to the math office), so all the math teachers knew me, and I got to sit out that part of the math class. Instead, I got to submit and run everyone's homework.

There's more, but I'll have to write that later.

Does anyone happen to know where Brian Catlin might be these days? Also, does anyone know who the other perpetrator was?


I received the following update regarding this event:


I was a classmate of Brian and... the other guy's name escapes me (it's been more than 25 years, gimme a break!) I was Fremd HS class of 79, and I suppose it's dumb luck I didn't get involved in anything like that myself.

Brian and "the other guy" used a Commodore C64 with an acoustic coupled modem in their break-in. The DePaul security was weak, the password to the A000 account was ^A^N^T, so it was fairly easy for their brute force cracker to find it. DePaul discovered someone had gained unauthorized access to the system, so they changed the password to ^B^A^T. Again, it was fairly easy to break. The problem they ran into though, was that when using an acoustic coupler, they had to dial the phone manually. And the log in process would only allow 3 (or 5? I can't recall) attempts before it would disconnect, and they'd have to hang up and manually redial.

The DePaul system had a remote job entry mechanism for the university's IBM 360, and that's what the expense was about: the university took the '360 down for a couple of days to run a complete process audit to ensure the two hadn't planted anything malicious on it.

They based their C64 program on that of one written by another student that was class of 78, if I recall. That program ran on the HP2000, and spit out the HEL-A000<cr><password> string to the paper tape punch on the Teletype Model 33 we had in the terminal room. Of course, by 78 or 79, the school had installed locks on the rotary phones we used to dial the machine the high school district shared with the local junior college.

The last I saw/heard of Brian was spring of 1981. He told me he had a job offer from TRW right out of high school, and they were sending him to UCLA first. He said that with all the press attention (it was on local and national TV), he had all sorts of job offers rolling in.

I'll see what I can do to dig up the other guy's name. He was in the electronics club, and I think he might have been in the drama club - tech crew as well.

Update Redux:

The name of the other guy was Chris Adams. I was also a nerdy at Fremd at the time and was interviewed by the FBI when they were trying to track down who the perpetrators were. The last I saw of Brian was on a news show like 20/20 (early 90's, maybe). He had become a computer security expert and was living in California.

Further Redux:


Brian Catlin is co-owner and Vice President of Azius LLC. He started building and programming 8-bit microprocessors in 1977, switched to VAX/VMS in 1982 where he specialized in device drivers, and finally to Windows NT in 1992, specializing in device drivers and internals. Brian got into device drivers because he likes to write software that interacts with the real world; writing business software is his definition of torture. Brian also spent a great deal of time in the aerospace/ defense world designing command centers, where he learned the discipline of specification writing and project management. Brian offers consulting services through his company, Sannas Consulting.

Comments to Webmaster

Click here for the Home page.
Click here for the HP-2000 page.
Click here for the Wanted page.

Last updated October 7, 2009