Chapter 3
The Texas Prison Hack
I don’t think there’s any one thing you can say to a youngster to make them change, other than to have value in themselves, you know, and never take the short road.
— William
 
 
Two young convicts, each doing extended time for murder, meet on a blazing day in the concrete yard of a Texas prison and discover they share a fascination with computers. They team up and become secret hackers right under the noses of watchful guards.
All that is in the past. These days, William Butler gets into his car at 5:30 every weekday morning and begins the commute to work through clogged Houston traffic. He considers himself a very lucky man even to be alive. He’s got a steady girlfriend; he drives a shiny new car. And, he adds, “I was recently rewarded with a $7,000 raise. Not bad.”
Like William, his friend Danny is also settled in life and holding down a steady job doing computer work. But neither will ever forget the long, slow years paying a hard price for their actions. Strangely, the time in prison equipped them with the skills they’re now making such good use of in “the free world.”

Inside: Discovering Computers

Prison is a shock to the newcomer. Arriving inmates are often dumped together until the unruly and violent can be sorted out — a severe challenge to those trying to live by the rules. Surrounded by people who might explode at any imagined challenge, even the meek have to hang tough and stand up for themselves. William devised his own set of rules:
I basically lived how you had to live in there. I’m just 5’10” and I was probably 255. But it wasn’t just about being big, it’s a mindset that I was not a weak person and I was nobody to be taken advantage of. I carried myself like that. Inside, if anybody perceives any weakness, then they take advantage of it. I didn’t lie, I didn’t chat about other people’s business, and don’t ask me about my business because I’ll tell you to get f___ed.
Danny and I both did time on tough units. You know what I’m saying — gladiator units, where you had to fight all the time. So we didn’t give a shit about guards or nobody. We would fight at the drop of a hat or do whatever we had to do.
Danny was already serving a 20-year sentence at the Wynne Unit, a prison in Huntsville, Texas, when William arrived. His initial prison job had nothing to do with computers.
They first sent me to a unit where you start doing field work on the farms. You go hoeing up and down rows. They could use machines for that, but they don’t — it’s a form of punishment so you feel better about whatever job they give you later.
When Danny was transferred to the Wynne unit, he was grateful to be assigned clerical work in the Transportation Office. “I started to work on an Olivetti typewriter with a monitor and a couple of disk drives. It ran DOS and had a little memory. I messed around trying to learn how to use it.” (For me, that rang familiar bells: The first computer I ever used was an Olivetti teletype with a 110-baud acoustic-coupler modem.)
He found an old computer book lying around, an instruction manual for the early database program dBase III. “I figured out how to put the reports on dBase, while everybody else was still typing theirs.” He converted the office purchase orders to dBase and even started a program to track the prison’s shipments of farm products to other prisons around the state.
Eventually Danny made trustee status, which brought a work assignment involving a higher level of trust and what’s referred to as a “gate pass,” allowing him to work outside the secure perimeter of the prison. He was sent to a job in the dispatch office in a trailer outside the fence, preparing shipping orders for the delivery trucks transporting the food goods. But what really mattered was that it gave him “my first real access to computers.”
After a while, he was given a small room in the trailer and put in charge of hardware — assembling new machines and fixing broken ones. Here was a golden opportunity: learning how to build computers and fix them from hands-on experience. Some of the people he worked with would bring in computer books for him, which accelerated his learning curve.
Being in charge of hardware gave him access to “a shelf full of computer parts with nothing inventoried.” He soon grew reasonably skilled at assembling machines or adding components. Prison staff didn’t even inspect the systems to determine how he had configured them, so he could easily set up machines with unauthorized equipment.

Federal Prisons Are Different

That kind of careless disregard for what a prisoner is up to is unlikely in a federal prison. The U.S. Bureau of Prisons has a sensibly high level of paranoia about the subject. During my time inside, I had a “NO COMPUTER” assignment, which meant it was considered a security threat for me to have any computer access. Or even access to a phone, for that matter: A prosecutor once told a federal magistrate that if I was free to use a phone while in custody, I would be able to whistle into it and send instructions to an Air Force intercontinental missile. Absurd, but the judge had no reason not to believe it. I was held in solitary for eight months.
In the federal system at that time, prisoners were allowed computer access only under a strict set of guidelines. No inmate could use any computer that was attached to a modem, or that had a network card or other communication device. Operationally critical computers and systems containing sensitive information were clearly marked “Staff Use Only” so it would be immediately apparent if an inmate was using a computer that put security at risk. Computer hardware was strictly controlled by technology-knowledgeable staff to prevent unauthorized use.

William Gets the Keys to the Castle

When William was transferred from the farm prison to the Wynne unit in Huntsville, he landed an enviable job in the kitchen. “I had the keys to the castle because I could trade food for other things.”
The kitchen had one computer, an ancient 286 machine with a cooling fan on the front but still good enough for him to make good progress with developing his computer skills. He was able to put some of the kitchen records, reports, and purchase order forms on the computer, which saved hours of adding columns of numbers and typing out paperwork.
After William discovered there was another prisoner who shared his interest in computers, Danny was able to help improve the quality of the computer setup in the commissary. He pulled components off the shelf in the Agriculture trailer and then recruited the aid of some friends with maintenance assignments, who could go anywhere in the prison.
They didn’t answer to anyone. So they sneaked computer parts into the kitchen for us — just put them into a cart and roll it down.
Then one Christmas Eve, a guard walked onto the unit with a box that basically had parts for a whole computer in it, and a hub and other stuff.
How did he convince a guard to break the rules so blatantly? “I just did what they call ‘worked my jelly’ on him — I just talked to him and befriended him.” William’s parents had purchased the computer items at his request, and the guard agreed to bring in the load of items as if they were Christmas presents.
To provide work space for his expanding computer installation, William appropriated a small storage room attached to the commissary. The room was unventilated but he was sure that wouldn’t be a problem, and it wasn’t: “I traded food to get an air conditioner, we knocked a hole in the wall and put the air conditioner unit in so we could breathe and could work in comfort,” he explained.
“We built three PCs back there. We took old 286 cases and put Pentium boards in them. The hard drives wouldn’t fit, so we had to use toilet paper rolls for hard drive holders,” which, while an innovative solution, must have been funny to look at.
Why three computers? Danny would drop in sometimes, and they’d each have a computer to use. And a third guy later started “a law office” — charging inmates for researching their legal issues online and drawing up papers for filing appeals and the like.
Meanwhile, William’s skills in using a computer to organize the commissary’s paperwork came to the attention of the captain in charge of food service. He gave William an added assignment: When not busy with regular duties, he was to work on setting up computer files for the captain’s reports to the warden.
To carry out these additional responsibilities, William was allowed to work in the captain’s office, a sweet assignment for a prisoner. But after a time William began to chafe: Those computers in the commissary were by now loaded with music files, games, and videos. In the captain’s office, he had none of these pleasing diversions. Good old American innovation plus a healthy dose of gutsy fearlessness suggested a way of solving the problem.
I traded food from the kitchen to get network cable from maintenance. We had the maintenance clerk order us a 1,000-foot spool of Cat 5 [Ethernet] cable. We had the guards open up pipe chases and ran the cable. I just told them I was doing work for the Captain and they’d open the door.
In short order, he had hardwired an Ethernet connection linking up the three computers he now had in the commissary, with the computer in the captain’s office. When the captain wasn’t there, William had the pleasure of playing his computer games, listening to his music, and watching his videos.
But he was running a big risk. What if the captain came back unexpectedly and discovered him with music playing and a game on the screen, or a girlie movie? It would mean goodbye to the privileged position in the kitchen, the cushy duties in the captain’s office, and the access to the computer setup he had so painstakingly assembled.
Meanwhile, Danny had his own challenges. He was now working in the Agriculture Office surrounded by computers, with telephone jacks everywhere connecting to the outside world. He was like a kid with his nose pressed to the window of the candy store and no money in his pocket. All those temptations so nearby and no way to enjoy them.
One day an officer showed up in Danny’s tiny office. “[He] brought his machine in because he couldn’t get connected to the Internet. I didn’t really know how a modem worked, there was nobody teaching me anything. But I was able to help him set it up.” In the process of getting the machine online, the officer, on request, gave Danny his username and password; probably he didn’t see any problem about doing this, knowing that inmates weren’t allowed to use any computer with online access.
Danny realized what the guard was too dense or too technically illiterate to figure out: He had given Danny an e-ticket to the Internet. Secretly running a telephone line behind a rack of cabinets into his work area, Danny hooked it up to the internal modem in his computer. With the officer’s login and password that he had memorized, he was golden: He had Internet access.

Online in Safety

For Danny, achieving an Internet connection opened up a whole new world on his monitor. But just as for William, he ran a huge risk every time he went online.
I was able to dial out, pick up information about computers and all, and ask questions. I was signing on for the officer but the whole time I was afraid it might come to light. I tried to be careful not to stay on so long that I tied up the lines.
A clever workaround suggested itself. Danny installed a “splitter” on the phone line going to the fax machine. But it wasn’t long before the Ag unit began to hear complaints from other prisons wanting to know why their fax line was busy so much of the time. Danny realized he’d have to get a dedicated line if he wanted to cruise the Net at leisure and in safety. A little scouting provided the answer: He discovered two telephone jacks that were live but not in use. Apparently none of the staff remembered they even existed. He reconnected the wire from his modem, plugging it into one of the jacks. Now he had his own outside line. Another problem solved.
In a corner of his tiny room, under a pile of boxes, he set up a computer as a server — in effect, an electronic storage device for all the great stuff he planned to download, so the music files and computer hacking instructions and all the rest wouldn’t be on his own computer, just in case anybody looked.
Things were shaping up, but Danny was plagued by one other difficulty, a considerably bigger one. He had no way of knowing what would happen if he and the officer tried to use the officer’s Internet account at the same time. If Danny was already connected, would the officer get an error message saying that he couldn’t get online because his account was already in use? The man might have been a dense redneck, but surely at that point he would remember giving Danny his sign-on information and begin to wonder. At the time, Danny couldn’t think of a solution; the problem gnawed at him.
Still, he was proud of what he’d accomplished given the circumstances. It had taken an enormous amount of work. “I had built up a good foundation — running servers, downloading anything I could get off the web, running ‘GetRight’ [software] that would keep a download going twenty-four hours. Games, videos, hacking information, learning how networks are set up, vulnerabilities, how to find open ports.”
William understood how Danny’s setup in the Agriculture Department had been possible. “He was basically the network administrator because the free-world guy [the civilian employee] they had working there was a buffoon.” The inmates were being assigned jobs that the employee was supposed to be doing but didn’t know how, things like “the C++ and Visual Basic programming,” nor did they have the smarts necessary to properly administer the network.
Another challenge also troubled Danny: His computer faced an aisle, so anybody could see what he was doing. Since the Agriculture Office was locked up after working hours, he could only go online during the day, watching for moments when everyone else in the office seemed to be too busy with their own work to take any interest in what he was up to. Picking up a clever trick that would allow him to take control of another computer, he connected his machine to the one used by a civilian employee who worked opposite him. When the man wasn’t there and it looked like maybe no one would be drifting into the back room for a while, Danny would commandeer the other computer, put it online, and set it to download some game or music he wanted to the server in the corner.
One day when he was in the middle of getting online for a download, somebody showed up unexpectedly in Danny’s work area: a female guard — always much more hard-nosed and by-the-rules than the men, Danny and William agree. Before he could release his control of the other machine, the guard’s eyes widened: She had noticed the cursor moving! Danny managed to quit his operation. The guard blinked, probably figuring she must have imagined it, and walked out.

Solution

William still vividly remembers the day when the solution to both of their Internet access problems occurred to Danny. The kitchen crew was allowed to take their meals in the officer’s dining room after the officers had finished and cleared out. William would often sneak Danny in to eat the “much better food” in the dining room with him, and they could also talk privately there. “I can still remember the day I got him up there,” William related. “He said, ‘I know how we can do it, B.’ That’s what they called me — B, or Big B. And with it he explained to me what we were gonna do.”
What Danny envisioned was putting together two pieces of a puzzle: the telephone lines to the outside world, available to him in the Agriculture Department, and William’s computers in the kitchen. He proposed a way that would let the two of them use computers and get onto the Internet whenever they wanted, in freedom and safety.
We always sat in the back of the commissary playing games on the computers. And I thought, “If we could sit down here and play games, and nobody cares — the guards don’t care as long as we get our work done — then why can’t we access the Internet from right here?”
The Agriculture Office had computer equipment that was more up-to-date because, as Danny explained, other prisons around the state “razzed” to their server. His term “razzed” was a way of saying that computers at the other prisons were connecting by dial-up to the Agriculture Office server, which was configured to allow dial-up connections through Microsoft’s RAS (Remote Access Services).
A key make-or-break element confronted the guys: modems. “Getting hold of modems was a major deal,” William said. “They kept those pretty tight. But we were able to get our hands on a couple.” When they were ready to go online from the commissary, “What we would do was dial up on the inner-unit phone lines and razz into the Agriculture Department.”
Translation: From the commissary, the guys would enter a command instructing the computer modem to dial a phone call over an internal phone line. That call would be received by a modem in the farm shop, a modem connected to Danny’s server. That server was on a local network to all the other computers in the office, some of which had modems connected to external phone lines. With commissary and Ag Office computer networks talking to each other over the internal phone line, the next command would instruct one of those Ag Office computers to dial out to the Internet. Voilà! Instant access.
Well, not quite. The two hackers still needed an account with an Internet service provider. Initially, they used the login names and passwords of personnel who worked in the department, “when we knew they were gonna be out of town hunting or something like that,” says Danny. This information had been gleaned by installing on the other computers software called “BackOrifice,” a popular remote monitoring tool that gave them control of a remote computer as if they were sitting right in front of it.
Of course, using other people’s passwords was risky — with all sorts of ways you might get caught. It was William this time who came up with a solution. “I got my parents to pay for us to have Internet access with a local service company,” so it was no longer necessary to use other people’s sign-on information.
Eventually they kept the Internet connection through the Agriculture Office going 24/7. “We had two FTP servers running down there downloading movies and music and more hacking tools and all kinds of stuff like that,” says Danny. “I was getting games that hadn’t even been released yet.”

Nearly Caught

In their commissary headquarters, William hooked up sound cards and external speakers so they could play music or hear the soundtrack as they watched a downloaded movie. If a guard asked what they were doing, William told them, “I don’t ask your business, don’t ask mine.”
I told [the guards] all the time there’s some things in life that I can promise. Number one, I won’t have a pistol and I won’t shoot anybody in here. Number two, I will not do drugs and dilute my mind. Number three, I’m not gonna have a pimp and I’m not gonna be a pimp. Number four, I won’t mess with a female officer.
I couldn’t promise them that I wouldn’t fight. I never lied to ’em. And they respected my honesty and my forthrightness, and so they’d do things for me. You can get guards to do favors by conversation.
Conversation rules the nation. You talk women out of their panties, see what I’m saying, you talk men into doing what you want them to do for you.
But no matter how clever a talker a prisoner may be, no guard is going to allow an inmate free rein with computers and outside phone lines. So how did these two get away with their hacker escapades in plain view of the guards? William explained:
We were able to do a lot of the stuff we did because they looked at us like half wits. We’re in the seat of redneck-dom, so the bosses [guards] had no idea what we were doing. They couldn’t even fathom what we were capable of.
Another reason would have to be that these two inmates were doing computer work others had been paid to take care of. “Most of the people they had there that were supposed to be in the know about things like computers,” says William, “they just weren’t capable, so they had inmates doing it.”
This book is full of stories of the chaos and damage hackers can cause, but William and Danny were not bent on criminal mischief. They merely wanted to enhance their growing computer skills and keep themselves entertained — which under their circumstances is hardly difficult to understand. It’s important to William that people appreciate the distinction.
We never did abuse it or hurt anybody. We never did. I mean from my standpoint, I deemed it necessary to learn what I wanted to learn so I could go straight and be successful once I was released.
While the Texas prison officials remained in the dark about what was going on, they were fortunate that William and Danny had benign motives. Imagine what havoc the two might have caused; it would have been child’s play for these guys to develop a scheme for obtaining money or property from unsuspecting victims. The Internet had become their university and playground. Learning how to run scams against individuals or break in to corporate sites would have been a cinch; teenagers and preteens learn these methods every day from the hacker sites and elsewhere on the Web. And as prisoners, Danny and William had all the time in the world.
Maybe there’s a lesson here: Two convicted murderers, but that didn’t mean they were scum, rotten to the core. They were cheaters who hacked their way onto the Internet illegally, but that didn’t mean they were willing to victimize innocent people or naively insecure companies.

Close Call

The two neophyte hackers didn’t let the pleasurable distraction of Internet entertainment slow their learning, however. “I was able to get the books that I wanted from my family,” says William, who felt his escapades were a form of sorely needed hands-on training. “I wanted to understand the intricate workings of a TCP/IP network. I needed that kind of knowledge for when I got out.”
It was an education but it was fun, too — you know what I’m saying? It was fun because I’m an A-type personality — I like living on the edge. And it was a way to snub our nose at “the man.” Because they were clueless.
Besides the serious side and the fun side of their Internet use, Danny and William also got a few kicks from socializing. They started electronic friendships with some ladies, meeting them in online chat rooms and communicating by e-mail. With a few, they acknowledged they were in prison; with most, they neglected to mention the fact. No surprise there.
Living on the edge can be invigorating but always carries a dire risk. William and Danny could never stop looking over their shoulders.
“One time we got close to getting caught,” William remembered. “One of the officers we didn’t like because he was real paranoid. We didn’t like to be online while he was working.”
This particular guard called the commissary one day and found the line continually busy. “What made him freak out was that one of the other guys working in the kitchen had started a relationship with a nurse in the prison clinic.” The guard suspected that the prisoner, George, was tying up the line with an unauthorized call to his nurse fiancée. In reality, the phone line was tied up because William was using the Internet. The guard hurried to the commissary. “We could hear the key in the gate, so we knew somebody was coming. We shut everything down.”
When the guard arrived, William was entering reports on the computer as Danny innocently looked on. The guard demanded to know why the phone line had been busy for so long. William was ready for him and reeled off a story about needing to make a call to get information for the report he was working on.
We couldn’t have gotten an outside line from back there, and he knew it, but this guy was just super-paranoid. He thought that somehow we had helped George call his fiancée.
Whether he believed William’s story or not, without proof the guard couldn’t do anything. George later married the nurse; as far as William knows, he’s still in prison and still happily married.

Growing Up

How does a youngster like William — a kid from a stable home with caring, supportive parents — land in prison? “My growing up was excellent, man. I was a C student but very smart. Never played football and all that stuff, but never got into any trouble until I went off to college.”
Being raised Southern Baptist was not a positive experience for William. Today, he feels that mainstream religion can harm a young person’s self-esteem. “You know, teaching that you’re worthless from the get-go.” He attributes his poor choices in part to the fact that he had become convinced he couldn’t be successful. “You know, I had to gain my self-respect and self-esteem from somewhere and I gained it from people fearing me.”
A student of philosophy, William understood what Friedrich Nietzsche meant by a “metamorphosis of the spirit”:
I don’t know if you’ve ever read any Nietzsche, but he spoke of the camel, the lion, and the child. And I was really a camel — I did what I thought would make people happy to gain self-worth from people liking me, rather than me liking myself and carrying myself on my own merit.
Despite this, William made it through high school with an unblemished record. His troubles started after he enrolled in a junior college in the Houston area, then transferred to a school in Louisiana to study aviation. The instinct to please others turned into a need for respect.
I saw that I could make money selling Ecstasy and stuff. People feared me ’cause I was always armed and would always fight, and you know, just live life like an idiot. And then got myself in a situation of a drug deal gone bad.
He and his customer ended up rolling around, struggling for control. The other guy’s buddy showed up; it was two against one, and William knew he had to do something desperate or he would never walk away from there. He pulled out his gun and fired. And the man was dead.
How does a boy from a strong, stable family face this hard reality? How does he share the dreadful news?
One of the hardest things in my life to do was tell my mother that I did it. Yeah, it was very hard.
William had a lot of time to think about what landed him in prison. He doesn’t blame anyone but himself. “You know, it was just the choices I made because my self-esteem was wrecked. And it wasn’t nothing that my parents did because they brought me up the way that they thought they should.”
For Danny, everything went wrong in a single night.
I was just a stupid kid. The night of my eighteenth birthday, they gave me a big party. On the way home, a couple of the girls needed to use the restroom, so I pulled off at a restaurant.
When they came out, they had a couple of guys following them and harassing them. We piled out of the car and there was a big fight, and before everything was over, I ran over one of them.
And then I panicked and we drove off. I left the scene.
It was the Richard Nixon/Martha Stewart syndrome at work: not being willing to step up and take responsibility for his action. If Dan hadn’t driven off, the charge would most likely have been manslaughter. Leaving the scene compounded the mistake, and once he was tracked down and arrested, it was too late for anyone to believe it might have been accidental.

Back in the Free World

William was a quarter of the way through a 30-year sentence, but he wasn’t having any success on his annual visits before the parole board. His talent for taking the initiative again came to the fore. He began writing letters to the parole board, one letter every two weeks, with copies addressed individually to each of the three board members. The letters detailed how constructive he was being: “What courses I was taking, the grades I was getting, the computer books I was reading, and so on,” showing them that “I’m not frivolous and I’m not wasting my time.”
He says, “One of the members told my mom, ‘I got more mail from him than my six kids combined.’” It worked: He kept it up for almost a year and on his next appearance before the board, they signed him out. Danny, on a shorter sentence, was released about the same time.
Since leaving prison, both William and Danny live fiercely determined to stay out of trouble, working computer-related jobs with skills gained during their years “inside.” While each took college-level tech courses in prison, both believe their hands-on experience, perilous though it was, gave them the advanced skills they now depend on for their living.
Danny earned 64 college credit hours in prison, and though he fell short of earning any professional certifications, now works with high-powered, critical applications including Access and SAP.
Before prison, William completed his freshman year in college and was a sophomore, with his parents supporting him. Once he got out, he was able to continue his education. “I applied for financial aid and got it and went to school. I got straight A’s and also worked in the school’s computer center.”
He now has two associate’s degrees — in liberal arts and network computer maintenance — both paid for by financial aid. Despite the two degrees, William didn’t have quite the luck of Danny in landing a computer job. So he took what he could find, accepting a position involving physical labor. Credit his determination and his employer’s open-minded attitude: As soon as the firm recognized his computer skills, he was pulled off the physical tasks and set to work at a job that makes better use of his technical qualifications. It’s routine business computing, not the network designing he’d rather be doing, but he satisfies that urge by spending time on weekends figuring out low-cost ways of networking the computer systems for two Houston-area churches, as a volunteer.
These two men stand as exceptions. In one of the most pressing and least-discussed challenges of contemporary American society, most felons released from prison face a near-impossible hurdle of finding work, especially any job that pays enough to support a family. That’s not hard to understand: How many employers can be confident about the idea of hiring a murderer, an armed robber, a rapist? In many states they are ineligible for welfare, leaving few ways of supporting themselves while continuing the near-hopeless search for work. Their options are severely limited — and then we wonder why so many quickly return to prison, and assume it must be that they lack the will to live by the rules.
Today, William has some solid advice for young people and their parents:
I don’t think there’s any one thing you can say to a youngster to make them change, other than to have value in themselves, you know, and never take the short road, ’cause the long road always seems to be the most rewarding in the end. And you know, never sit stagnant because you don’t feel you’re worthy enough to do what you need to do.
Danny would no doubt also agree with these words of William’s:
I wouldn’t trade my life now for nothin’ on earth. I’ve come to believe that I can gain my way in life by my own merit and not take shortcuts. Over the years I learned that I could have people respect me on my own merit. That’s what I try to live by today.

INSIGHT

This story makes clear that many computer attacks can’t be protected against just by securing the perimeter, because the villain may not be some teen hacker or computer-skilled thief but an insider — a disgruntled employee, a bitter former worker recently fired, or, as in this case, some other type of insider like William and Danny.
Insiders often pose a greater threat than the attackers we read about in the newspapers. While the majority of security controls are focused on protecting the perimeter against the outside attacker, it’s the insider who has access to physical and electronic equipment, cabling, telephone closets, workstations, and network jacks. They also know who in the organization handles sensitive information and what computer systems the information is stored on, as well as how to bypass any checks put in place to reduce theft and fraud.
Another aspect of their story reminds me of the movie Shawshank Redemption. In it, a prisoner named Andy is a CPA. Some of the guards have him prepare their tax returns and he gives them advice on the best ways of structuring their finances to limit their tax liability. Andy’s abilities become widely known among the prison staff, leading to more book-keeping work at higher levels in the prison, until eventually he’s able to expose the Warden, who has been “cooking” the books. Not just in a prison but everywhere, we all need to be careful and discreet about whom we give sensitive information to.
In my own case, the United States Marshal Service created a high level of paranoia about my capabilities. They placed a warning in my file cautioning prison officials not to disclose any personal information to me — not even giving me their names, since they believed a wild rumor that I could tap into the government’s plethora of secret databases and erase the identity of anyone, even a Federal Marshal. I think they had watched “The Net” one too many times.

COUNTERMEASURES

Among the most significant security controls that can be effective in preventing and detecting insider abuse are these:
Accountability. Two common practices raise accountability issues: the use of so-called role-based accounts — accounts shared by multiple users; and the practice of sharing account information or passwords to permit access when an employee is out of the office or unavailable. Both create an environment of plausible deniability when things go seriously wrong.
Very simply, sharing account information should be discouraged if not altogether prohibited. This includes allowing one worker to use his/her workstation when this requires providing sign-on information.
Target-rich environment. In most businesses, an attacker who can find a way of getting into the work areas of the facility can easily find a way to gain access to systems. Few workers lock their computers when leaving their work area or use screensaver or start-up passwords. It only takes seconds for a malicious person to install stealth monitoring software on an unprotected workstation. In a bank, tellers always lock their cash drawer before walking away. Unfortunately, it’s rare to see this practice being used at other types of institutions.
Consider implementing a policy that requires the use of a screensaver password or other program to electronically lock the machine. Ensure that the IT department enforces this policy through configuration management.
Password management. My girlfriend was recently employed by a Fortune 50 company that uses a predictable pattern in assigning passwords for outside web-based intranet access: the user’s name followed by a random three-digit number. This password is set when the person is hired and cannot ever be changed by the employee. This makes it possible for any employee to write a simple script that can determine the password in no more than 1,000 tries — a matter of a few seconds.
Employee passwords, whether set by the company or selected by the employees, must not have a pattern that makes them easily predictable.
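The pattern check described above can be run by the defender at the moment passwords are assigned. The following is an added example, not from the book: it flags any password built from the user's own name or login plus a numeric suffix and reports how many guesses remain once the stem is known. All names, logins and passwords in it are constructed.

```python
import re

def identity_tokens(full_name, login):
    """Strings any colleague already knows: name parts, login, common joins."""
    parts = [p for p in re.split(r"[^a-z0-9]+", full_name.lower()) if p]
    tokens = {p for p in parts if len(p) >= 3}
    tokens.update({login.lower(), "".join(parts)})
    if len(parts) >= 2:
        tokens.add(parts[0][0] + parts[-1])      # first initial + surname
    tokens.discard("")
    return tokens

def audit_password(full_name, login, password):
    """Return (predictable, guesses): guesses is the numeric-suffix space
    left once the stem is known, or None when no identity pattern is found."""
    # Split into a stem and whatever run of digits ends the password.
    stem, digits = re.fullmatch(r"(.*?)(\d*)", password, re.S).groups()
    if stem.lower() in identity_tokens(full_name, login):
        return True, 10 ** len(digits)
    return False, None

def audit_accounts(records):
    """records: iterable of (full_name, login, assigned_password)."""
    findings = []
    for full_name, login, password in records:
        predictable, guesses = audit_password(full_name, login, password)
        if predictable:
            findings.append((login, guesses))
    return findings

# Constructed sample data, checked at the moment passwords are assigned.
SAMPLE = [
    ("Jane Doe", "jdoe", "jane417"),
    ("Raj Patel", "rpatel", "Patel042"),
    ("Sam Lee", "slee", "slee7"),
    ("Ana Lima", "alima", "v9#Tq!rLm2x"),
]

if __name__ == "__main__":
    for login, guesses in audit_accounts(SAMPLE):
        print(f"{login}: identity stem + digits, at most {guesses} guesses")
```

A name plus three digits leaves exactly the 1,000 possibilities the text mentions, which is why the check belongs in the provisioning step rather than in a later review.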
Physical access. Knowledgeable employees familiar with the company’s network can easily use their physical access to compromise systems when no one is around. At one point I was an employee of GTE of California, the telecommunications company. Having physical access to the building was like having the keys to the kingdom — everything was wide open. Anyone could walk up to a workstation in an employee’s cubicle or office and gain access to sensitive systems.
If employees properly secure their desktops, workstations, laptops, and PDA devices by using secure BIOS passwords and by logging out or locking their computers, the bad guy on the inside will need more time to accomplish his objectives.
Train employees to feel comfortable challenging people whose identity is uncertain, especially in sensitive areas. Use physical security controls like cameras and/or badge access systems to control entry, surveillance, and movement within the facility. Consider periodically auditing physical entry and exit logs to identify unusual patterns of behavior, especially when a security incident arises.
“Dead” cubicles and other access points. When an employee leaves the company or is transferred to a different position, leaving a cubicle empty, a malicious insider can connect via the live network jacks in the cubicle to probe the network while protecting his/her identity. Or worse, a workstation often remains behind in the cubicle, plugged into the network ready for anyone to use, including the malicious insider (and, as well, any unauthorized visitor who discovers the abandoned cubicle).
Other access points in places like conference rooms also offer easy access to the insider bent on doing damage.
Consider disabling all unused network jacks to prevent anonymous or unauthorized access. Ensure that any computer systems in vacant cubicles are secured against unauthorized access.
Exiting personnel. Any worker who has given notice of termination should be considered a potential risk. Such employees should be monitored for any access to confidential business information, especially copying or downloading a significant amount of data. With tiny USB flash drives now readily available that can hold a gigabyte or more of data, it can be a matter of minutes to load up large amounts of sensitive information and walk out the door with it.
It should be routine practice to put restrictions on an employee’s access prior to his/her being notified of a termination, demotion, or undesirable transfer. Also, consider monitoring the employee’s computer usage to determine any unauthorized or potentially harmful activities.
Installation of unauthorized hardware. The malicious insider can easily access another employee’s cubicle and install a hardware or software keystroke logger to capture passwords and other confidential information. Again, a flash drive makes stealing data easy. A security policy that prohibits any introduction of hardware devices without written permission, while justified in some circumstances, is admittedly difficult to police; benign employees will be inconvenienced, while the malicious have no incentive for paying attention to the rule.
In certain organizations that work with extremely sensitive information, removing or disabling the USB port on workstations may be a necessary control.
Walk-around inspections should be conducted regularly. In particular, these inspections should verify that the machines have not had unauthorized wireless devices, hardware keystroke loggers, or modems attached, and that no software has been installed except as authorized. Security or IT personnel can check for unauthorized wireless access points in the immediate vicinity by using a PDA that supports 802.11, or even a laptop equipped with Microsoft XP and a wireless card. Microsoft XP has a built-in zero-configuration utility that pops up a dialogue box when it detects a wireless access point in the immediate vicinity.
Circumventing processes. As employees learn about critical business processes within the organization, they’re in a good position to identify any weaknesses with the checks and balances used to detect fraud or theft. A dishonest worker is in a position to steal or cause other significant harm based on their knowledge of how the business operates. Insiders usually have unfettered access to offices, file cabinets, and internal mailing systems, and have knowledge of the day-to-day business procedures.
Consider analyzing sensitive and critical business processes to identify any weaknesses so countermeasures can be implemented. In certain situations, developing a separation-of-duties requirement in the process, where a sensitive operation performed by one person is checked independently by another, can reduce the security risk.
On-site visitor policies. Establish a security policy for outside visitors, including workers from other office locations. An effective security control is to require visitors to present State-issued identification prior to being allowed into the facility, and to record the information in a security log. If a security incident should arise, it may be possible to identify the perpetrator.
Software inventory and auditing. Maintain an inventory of all authorized software installed or licensed for each system and periodically audit these systems for compliance. This inventory process not only ensures legal compliance with software licensing regulations, but also may be used to identify any unauthorized software installations that could negatively affect security.
Unauthorized installation of malicious software like keystroke loggers, adware, or other types of spyware is hard to detect, depending on how clever the developers were at hiding the program within the operating system.
Consider using third-party commercial software to identify these malicious types of programs, such as the following:
• Spycop (available at www.spycop.com)
• PestPatrol (available at www.pestpatrol.com)
• Adware (available from www.lavasoftusa.com)
Audit systems for software integrity. Employees or malicious insiders could replace critical operating system files or applications in ways that could be used to bypass security controls. In this story, the inmate hackers had changed the PC Anywhere application to run without displaying an icon in the system tray so they would not be detected. The prison officials in this story never realized that their every move was periodically being monitored while Danny and William virtually looked over their shoulders.
In some circumstances, it may be appropriate to conduct an integrity audit, and to use a third-party application that notifies the appropriate staff when any changes are made to system files and applications on the “watch list.”
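A minimal sketch of such a watch-list audit follows. It is an added example, not from the book and not any product's code: it records SHA-256 digests for the watched files, seals the baseline with an HMAC so that someone who can alter files cannot quietly rewrite the baseline as well, and reports anything modified, missing, or newly appeared. The file names, the `show_tray_icon` setting and the key are constructed for the demo.

```python
import hashlib, hmac, json, os, tempfile

def file_digest(path):
    """SHA-256 of a file's contents, or None if the file is missing."""
    try:
        with open(path, "rb") as fh:
            h = hashlib.sha256()
            for chunk in iter(lambda: fh.read(65536), b""):
                h.update(chunk)
            return h.hexdigest()
    except FileNotFoundError:
        return None

def make_baseline(watch_list, key):
    """Record digests for the watch list and seal them with an HMAC tag."""
    body = json.dumps({p: file_digest(p) for p in watch_list}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def audit(baseline, key):
    """Return {path: status} for each watched file that no longer matches."""
    expected = hmac.new(key, baseline["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, baseline["tag"]):
        raise ValueError("baseline has been altered; do not trust this audit")
    findings = {}
    for path, old in json.loads(baseline["body"]).items():
        new = file_digest(path)
        if new == old:
            continue
        findings[path] = ("missing" if new is None
                          else "appeared" if old is None else "modified")
    return findings

def demo():
    """Constructed run: baseline two files, change one, delete the other."""
    key = b"constructed-demo-key"  # assumption: the real key is kept off the audited host
    with tempfile.TemporaryDirectory() as d:
        cfg = os.path.join(d, "remote_control.cfg")   # hypothetical file names
        dll = os.path.join(d, "helper.dll")
        for path, data in ((cfg, b"show_tray_icon=1\n"), (dll, b"\x00original")):
            with open(path, "wb") as fh:
                fh.write(data)
        baseline = make_baseline([cfg, dll], key)
        with open(cfg, "wb") as fh:                   # simulated unauthorized change
            fh.write(b"show_tray_icon=0\n")
        os.remove(dll)
        return {os.path.basename(p): s for p, s in audit(baseline, key).items()}

if __name__ == "__main__":
    print(demo())
```

In practice the findings would be sent to the staff responsible for the watch list, and the baseline would be regenerated only as part of an authorized change.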
Excessive privileges. In Windows-based environments, many end-users are logged into accounts with local administrator rights on their own machines. This practice, while more convenient, makes it very easy for a disgruntled insider to install a keystroke logger or network monitoring program (sniffer) on any system where he has local administrator privileges. Remote attackers also may send malicious programs hidden within an email attachment that may be opened by the unsuspecting user. The threat posed by these attachments can be minimized by using the “least privilege” rule, which means that users and programs should run with the fewest privileges necessary to perform their required tasks.

THE BOTTOM LINE

In some situations, common sense dictates that elaborate security precautions are a waste of time. In a military school, for example, you would not expect the student body to be filled with people looking for every possible opportunity to cheat or challenge the rules. In an elementary school, you would not expect ten-year-olds to be more knowledgeable about computer security than the staff technology guru.
And in a prison, you would not expect that inmates, closely watched, living under a set of rigid rules, would find the means not just to work their way onto the Internet but then to spend hours at a time, day after day, enjoying music, movies, communications with the opposite sex, and learning more and more about computers.
The moral: If you are in charge of information security for any school, workgroup, company, or other entity, you have to assume that some malicious adversary, including someone inside your organization, is looking for that small crack in the wall, the weakest link of your security chain, to break your network. Don’t assume that everyone is going to play by the rules. Do what is cost-effective to prevent potential intrusions, but don’t forget to keep looking out for what you missed. The bad guys are counting on you to be careless.