The Project Gutenberg Etext of Underground, by Suelette Dreyfus
** This is a COPYRIGHTED Project Gutenberg Etext, Details Below **
** Please follow the copyright guidelines in this file. **
Copyright (c) 1997, 2001 Suelette Dreyfus & Julian Assange.
All rights reserved. Without limiting the rights under copyright
above, no part of this publication may be reproduced, stored in or
introduced into a retrieval system, or transmitted in any form or
by any means (electronic, mechanical, photocopying, recording or
otherwise), without the prior written permission of both the
copyright owner and the publisher.
"I have donated my book "Underground" to Project Gutenberg's
collection in memory of my great aunt, Lucie Palmer. Lucie was an
explorer, a naturalist, a keen undersea diver and above all a gifted
painter. In the last years of her life, she lost her vision due to
macular degeneration. She could no longer do her beloved undersea
paintings. But, while she could not travel in person, she continued to
travel in her mind through books for the vision impaired. I hope you
enjoy your journey to another world as much as she did.
-- From Suelette Dreyfus, Author, Underground"
We encourage you to keep this file, exactly as it is, on your
own disk, thereby keeping an electronic path open for future
readers. Please do not remove this header information.
This header should be the first thing seen when anyone starts to
view the etext. Do not change or edit it without written permission.
The words are carefully chosen to provide users with the
information they need to understand what they may and may not
do with the etext.
**Welcome To The World of Free Plain Vanilla Electronic Texts**
**Etexts Readable By Both Humans and By Computers, Since 1971**
*****These Etexts Are Prepared By Thousands of Volunteers!*****
Information on contacting Project Gutenberg to get etexts, and
further information, is included below. We need your donations.
The Project Gutenberg Literary Archive Foundation is a 501(c)(3)
organization with EIN [Employee Identification Number] 64-6221541
Title: Underground
Author: Suelette Dreyfus
Release Date: September, 2003 [Etext #4686]
[Yes, we are more than one year ahead of schedule]
[This file was first posted on February 27, 2002]
Edition: 10
Language: English
Character set encoding: ASCII
The Project Gutenberg Etext of Underground, by Suelette Dreyfus
*******This file should be named undgd10.txt or undgd10.zip******
Corrected EDITIONS of our etexts get a new NUMBER, undgd11.txt
VERSIONS based on separate sources get new LETTER, undgd10a.txt
We are now trying to release all our etexts one year in advance
of the official release dates, leaving time for better editing.
Please be encouraged to tell us about any error or corrections,
even years after the official publication date.
Please note neither this listing nor its contents are final til
midnight of the last day of the month of any such announcement.
The official release date of all Project Gutenberg Etexts is at
Midnight, Central Time, of the last day of the stated month. A
preliminary version may often be posted for suggestion, comment
and editing by those who wish to do so.
Most people start at our sites at:
http://gutenberg.net or
http://promo.net/pg
These Web sites include award-winning information about Project
Gutenberg, including how to donate, how to help produce our new
etexts, and how to subscribe to our email newsletter (free!).
Those of you who want to download any Etext before announcement
can get to them as follows, and just download by date. This is
also a good way to get them instantly upon announcement, as the
indexes our cataloguers produce obviously take a while after an
announcement goes out in the Project Gutenberg Newsletter.
http://www.ibiblio.org/gutenberg/etext03 or
ftp://ftp.ibiblio.org/pub/docs/books/gutenberg/etext03
Or /etext02, 01, 00, 99, 98, 97, 96, 95, 94, 93, 92, 92, 91 or 90
Just search by the first five letters of the filename you want,
as it appears in our Newsletters.
Information about Project Gutenberg (one page)
We produce about two million dollars for each hour we work. The
time it takes us, a rather conservative estimate, is fifty hours
to get any etext selected, entered, proofread, edited, copyright
searched and analyzed, the copyright letters written, etc. Our
projected audience is one hundred million readers. If the value
per text is nominally estimated at one dollar then we produce $2
million dollars per hour in 2001 as we release over 50 new Etext
files per month, or 500 more Etexts in 2000 for a total of 4000+
If they reach just 1-2% of the world's population then the total
should reach over 300 billion Etexts given away by year's end.
The Goal of Project Gutenberg is to Give Away One Trillion Etext
Files by December 31, 2001. [10,000 x 100,000,000 = 1 Trillion]
This is ten thousand titles each to one hundred million readers,
which is only about 4% of the present number of computer users.
At our revised rates of production, we will reach only one-third
of that goal by the end of 2001, or about 4,000 Etexts. We need
funding, as well as continued efforts by volunteers, to maintain
or increase our production and reach our goals.
The Project Gutenberg Literary Archive Foundation has been created
to secure a future for Project Gutenberg into the next millennium.
We need your donations more than ever!
As of January, 2002, contributions are being solicited from people
and organizations in: Alabama, Alaska, Arkansas, Connecticut, Delaware,
Florida, Georgia, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky,
Louisiana, Maine, Michigan, Missouri, Montana, Nebraska, Nevada, New
Jersey, New Mexico, New York, North Carolina, Oklahoma, Oregon,
Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee,
Texas, Utah, Vermont, Virginia, Washington, West Virginia, Wisconsin,
and Wyoming.
As the requirements for other states are met, additions to this list
will be made and fund raising will begin in the additional states.
Please feel free to ask to check the status of your state.
In answer to various questions we have received on this:
We are constantly working on finishing the paperwork to legally
request donations in all 50 states. If your state is not listed and
you would like to know if we have added it since the list you have,
just ask.
While we cannot solicit donations from people in states where we are
not yet registered, we know of no prohibition against accepting
donations from donors in these states who approach us with an offer to
donate.
International donations are accepted! For more information
about donations, please view http://promo.net/pg/donation.html
We accept PayPal, as well as donation s via NetworkForGood.
Donation checks should be sent to:
Project Gutenberg Literary Archive Foundation
PMB 113
1739 University Ave.
Oxford, MS 38655-4109
The Project Gutenberg Literary Archive Foundation has been approved by
the US Internal Revenue Service as a 501(c)(3) organization with EIN
[Employee Identification Number] 64-622154. Donations are
tax-deductible to the maximum extent permitted by law. As fundraising
requirements for other states are met, additions to this list will be
made and fundraising will begin in the additional states.
We need your donations more than ever!
***
If you can't reach Project Gutenberg,
you can always email directly to:
Michael S. Hart <hart@pobox.com>
Prof. Hart will answer or forward your message.
We would prefer to send you information by email.
**Information prepared by the Project Gutenberg legal advisor**
(Three Pages)
***START** SMALL PRINT! for COPYRIGHT PROTECTED ETEXTS ***
TITLE AND COPYRIGHT NOTICE:
Copyright (c) 1997, 2001 Suelette Dreyfus & Julian Assange.
All rights reserved. Without limiting the rights under copyright
above, no part of this publication may be reproduced, stored in or
introduced into a retrieval system, or transmitted in any form or
by any means (electronic, mechanical, photocopying, recording or
otherwise), without the prior written permission of both the
copyright owner and the publisher.
This etext is distributed by Professor Michael S. Hart through the
Project Gutenberg Association (the "Project") under the "Project
Gutenberg" trademark and with the permission of the etext's
copyright owner.
Please do not use the "PROJECT GUTENBERG" trademark to market
any commercial products without permission.
LICENSE
You can (and are encouraged!) to copy and distribute this
Project Gutenberg-tm etext. Since, unlike many other of the
Project's etexts, it is copyright protected, and since the
materials and methods you use will effect the Project's reputation,
your right to copy and distribute it is limited by the copyright
laws and by the conditions of this "Small Print!" statement.
[A] ALL COPIES: You may distribute copies of this etext
electronically or on any machine readable medium now known
or hereafter discovered so long as you:
(1) Honor the refund and replacement provisions of this
"Small Print!" statement; and
(2) Pay a royalty to the Foundation of 20% of the gross
profits you derive calculated using the method you already use
to calculate your applicable taxes. If you don't derive
profits, no royalty is due. Royalties are payable to "Project
Gutenberg Literary Archive Foundation" within the 60 days
following each date you prepare (or were legally required
to prepare) your annual (or equivalent periodic) tax return.
[B] EXACT AND MODIFIED COPIES: The copies you distribute
must either be exact copies of this etext, including this
Small Print statement, or can be in binary, compressed, mark-
up, or proprietary form (including any form resulting from
word processing or hypertext software), so long as *EITHER*:
(1) The etext, when displayed, is clearly readable, and
does *not* contain characters other than those intended by the
author of the work, although tilde (~), asterisk (*) and
underline (_) characters may be used to convey punctuation
intended by the author, and additional characters may be used
to indicate hypertext links; OR
(2) The etext is readily convertible by the reader at no
expense into plain ASCII, EBCDIC or equivalent form by the
program that displays the etext (as is the case, for instance,
with most word processors); OR
(3) You provide or agree to provide on request at no
additional cost, fee or expense, a copy of the etext in plain
ASCII.
LIMITED WARRANTY; DISCLAIMER OF DAMAGES
This etext may contain a "Defect" in the form of incomplete,
inaccurate or corrupt data, transcription errors, a copyright
or other infringement, a defective or damaged disk, computer
virus, or codes that damage or cannot be read by your
equipment. But for the "Right of Replacement or Refund"
described below, the Project (and any other party you may
receive this etext from as a PROJECT GUTENBERG-tm etext)
disclaims all liability to you for damages, costs and
expenses, including legal fees, and YOU HAVE NO REMEDIES FOR
NEGLIGENCE OR UNDER STRICT LIABILITY, OR FOR BREACH OF
WARRANTY OR CONTRACT, INCLUDING BUT NOT LIMITED TO INDIRECT,
CONSEQUENTIAL, PUNITIVE OR INCIDENTAL DAMAGES, EVEN IF YOU
GIVE NOTICE OF THE POSSIBILITY OF SUCH DAMAGES.
If you discover a Defect in this etext within 90 days of
receiving it, you can receive a refund of the money (if any)
you paid for it by sending an explanatory note within that
time to the person you received it from. If you received it
on a physical medium, you must return it with your note, and
such person may choose to alternatively give you a replacement
copy. If you received it electronically, such person may
choose to alternatively give you a second opportunity to
receive it electronically.
THIS ETEXT IS OTHERWISE PROVIDED TO YOU "AS-IS". NO OTHER
WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, ARE MADE TO YOU AS
TO THE ETEXT OR ANY MEDIUM IT MAY BE ON, INCLUDING BUT NOT
LIMITED TO WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE. Some states do not allow disclaimers of
implied warranties or the exclusion or limitation of
consequential damages, so the above disclaimers and exclusions
may not apply to you, and you may have other legal rights.
INDEMNITY
You will indemnify and hold Michael Hart and the Foundation,
and its trustees and agents, and any volunteers associated
with the production and distribution of Project Gutenberg-tm
texts harmless, from all liability, cost and expense, including
legal fees, that arise directly or indirectly from any of the
following that you do or cause: [1] distribution of this etext,
[2] alteration, modification, or addition to the etext,
or [3] any Defect.
WHAT IF YOU *WANT* TO SEND MONEY EVEN IF YOU DON'T HAVE TO?
Project Gutenberg is dedicated to increasing the number of
public domain and licensed works that can be freely distributed
in machine readable form.
The Project gratefully accepts contributions of money, time,
public domain materials, or royalty free copyright licenses.
Money should be paid to the:
"Project Gutenberg Literary Archive Foundation."
If you are interested in contributing scanning equipment or
software or other items, please contact Michael Hart at:
hart@pobox.com
*SMALL PRINT! Ver.12.12.00 FOR COPYRIGHT PROTECTED ETEXTS*END*
"I have donated my book "Underground" to Project Gutenberg's
collection in memory of my great aunt, Lucie Palmer. Lucie was an
explorer, a naturalist, a keen undersea diver and above all a gifted
painter. In the last years of her life, she lost her vision due to
macular degeneration. She could no longer do her beloved undersea
paintings. But, while she could not travel in person, she continued to
travel in her mind through books for the vision impaired. I hope you
enjoy your journey to another world as much as she did.
-- From Suelette Dreyfus, Author, Underground"
Underground --
Hacking, madness and obsession on the electronic frontier.
By Suelette Dreyfus with Research by Julian Assange.
`Gripping, eminently readable.. Dreyfus has uncovered one of this
country's best kept secrets and in doing so has created a highly
intense and enjoyable read' -- Rolling Stone
www.underground-book.com
This edition has been specifically adapted for speech synthesis. We
recommend using a different distribution with intact type-setting
for visual use.
First Published 1997 by Mandarin; a part of Reed Books Australia; 35
Cotham Road, Kew 3101.
a subsidiary of Random House books Australia.
a division of Random House International Pty Limited.
Copyright (c) 1997, 2001 Suelette Dreyfus & Julian Assange.
All rights reserved. Without limiting the rights under copyright
above, no part of this publication may be reproduced, stored in or
introduced into a retrieval system, or transmitted in any form or
by any means (electronic, mechanical, photocopying, recording or
otherwise), without the prior written permission of both the
copyright owner and the publisher.
Typeset in New Baskerville by J&M Typesetting.
Printed and bound in Australia by Australian Print Group.
National Library of Australia.
cataloguing-in-publication data:
Dreyfus, Suelette.
Underground: tales of hacking, madness & obsession on the electronic frontier.
Bibliography:
ISBN number 1 86330 595 5
1. Computer hackers--Australia--Biography.
2. Computer crimes--Australia.
3. Computer security--Australia.
I. Assange, Julian. II. Title.
364.1680922
Send all comments to "feedback@underground-book.com".
Preface to the electronic edition.
Why would an author give away an unlimited number of copies of her
book for free? That's a good question. When `Underground''s
researcher, Julian Assange, first suggested releasing an electronic
version of the book on the Net for free, I had to stop and think about
just that question.
I'd spent nearly three years researching, writing and editing the nearly
500 pages of `Underground'. Julian had worked thousands of
hours doing painstaking research; discovering and cultivating sources,
digging with great resourcefulness into obscure databases and legal
papers, not to mention providing valuable editorial advice.
So why would I give away this carefully ripened fruit for free?
Because part of the joy of creating a piece of art is in knowing that
many people can - and are - enjoying it. Particularly people who can't
otherwise afford to pay $11 USD for a book. People such as cash strapped
hackers. This book is about them, their lives and obsessions. It rubs
clear a small circle in the frosted glass so the reader can peer into
that hazy world. `Underground' belongs on the Net, in their ephemeral
landscape.
The critics have been good to `Underground', for which I am very
grateful. But the best praise came from two of the hackers detailed in
the book. Surprising praise, because while the text is free of the
narrative moralising that plague other works, the selection of material
is often very personal and evokes mixed sympathies. One of the hackers,
Anthrax dropped by my office to say `Hi'. Out of the blue, he said with
a note of amazement, `When I read those chapters, it was so real, as if
you had been right there inside my head'. Not long after Par, half a
world away, and with a real tone of bewildered incredulity in his voice
made exactly the same observation. For a writer, it just doesn't get any
better than that.
By releasing this book for free on the Net, I'm hoping more people
will not only enjoy the story of how the international computer
underground rose to power, but also make the journey into the minds
of hackers involved. When I first began sketching out the book's
structure, I decided to go with depth. I wanted the reader to
think, 'NOW I understand, because I too was there.' I hope those
words will enter your thoughts as you read this electronic book.
Michael Hall, a supersmart lawyer on the book's legal team, told me
in July last year he saw a young man in Sydney reading a copy of
`Underground' beside him on the #380 bus to North Bondi. Michael
said he wanted to lean over and proclaim proudly, `I legalled that
book!'. Instead, he chose to watch the young man's reactions.
The young man was completely absorbed, reading hungrily through his
well-worn copy, which he had completely personalised. The pages were
covered in highlighter, scrawled margin writing and post-it notes. He
had underlined sections and dog-eared pages. If the bus had detoured to
Brisbane, he probably wouldn't have noticed.
I like that. Call me subversive, but I'm chuffed `Underground' is
engaging enough to make people miss bus stops. It makes me happy, and
happy people usually want to share.
There are other reasons for releasing `Underground' in this format. The
electronic version is being donated to the visionary Project Gutenburg,
a collection of free electronic books run with missionary zeal by
Michael Hart.
Project Gutenburg promises to keep old out-of-print books in free
``electronic'' print forever, to bring literature to those who can't
afford books, and to brighten the world of the visually
impaired. `Underground' isn't out of print -- and long may it remain
that way -- but those are laudable goals. I wrote in the `Introduction'
to the printed edition about my great aunt, a diver and artist who
pioneered underwater painting in the 1940s. She provided me with a kind
of inspiration for this book. What I didn't mention is that as a result
of macular degeneration in both eyes, she is now blind. She can no
longer paint or dive. But she does read - avidly - through `talking
books'. She is another reason I decided to release `Underground' in this
format.
So, now you can download and read the electronic version of
`Underground' for free. You can also send the work to your friends for
free. Or your enemies. At over a megabyte of plain text each, a few
dozen copies of underground make an extremely effective mail bomb.
That's a joke, folks, not a suggestion. ;-)
Like many of the people in this book, I'm not big on rules. Fortunately,
there aren't many that come with this electronic version. Don't print
the work on paper, CD or any other format, except for your own personal
reading pleasure. This includes using the work as teaching material in
institutions. You must not alter or truncate the work in any way. You
must not redistribute the work for any sort of payment, including
selling it on its own or as part of a package. Random House is a
friendly place, but as one of the world's largest publishers it has a
collection of equally large lawyers. Messing with them will leave you
with scars in places that could be hard to explain to any future
partner.
If you want to do any of these things, please contact me or my literary
agents Curtis Brown & Co first. I retain the copyright on the
work. Julian Assange designed the elegant layout of this electronic
edition, and he retains ownership of this design and layout.
If you like the electronic version of the book, do buy the paper
version. Why? For starters, it's not only much easier to read on the
bus, its much easier to read full stop. It's also easier to thumb
through, highlight, scribble on, dribble on, and show off. It never
needs batteries. It can run on solar power and candles. It looks sexy on
your bookshelf, by your bed and in your bed. If you are a male geek, the
book comes with a girl-magnet guarantee. The paper version is much
easier to lend to a prospective girlfriend. When she's finished reading
the book, ask her which hacker thrilled her to pieces. Then nod
knowingly, and say coyly `Well, I've never admitted this to anyone
except the author and the Feds, but ..'
And the most important reason to purchase a paper copy? Because buying
the printed edition of the book lets the author continue to write more
fine books like this one.
Enjoy!
Suelette Dreyfus
January 2001
suelette@iq.org
Researcher's introduction.
"Man is least himself when he talks in his own person. Give him a mask,
and he will tell you the truth" -- Oscar Wilde
"What is essential is invisible to the eye" -- Antoine De Saint-Exupery
"But, how do you *know* it happened like that?" -- Reader
Due of the seamless nature of `Underground' this is a reasonable
question to ask, although hints can be found at the back of the book in
the Bibliography and Endnotes. The simple answer to this question is
that we conducted over a hundred interviews and collected around 40,000
pages of primary documentation; telephone intercepts, data intercepts,
log-files, witness statements, confessions, judgements. Telephone dialog
and on-line discussions are drawn directly from the latter. Every
significant hacking incident mentioned in this book has reams of
primary documentation behind it. System X included.
The non-simple answer goes more like this:
In chapter 4, Par, one of the principle subjects of this book, is being
watched by the Secret Service. He's on the run. He's a wanted
fugitive. He's hiding out with another hacker, Nibbler in a motel
chalet, Black Mountain, North Carolina. The Secret Service move in.
The incident is vital in explaining Par's life on the run and the
nature of his interaction with the Secret Service. Yet, just before the
final edits of this book were to go the publisher, all the pages
relating to the Block Mountain incident were about to be pulled. Why?
Suelette had flown to Tuscon Az where she spent three days
interviewing Par. I had spent dozens of hours interviewing Par on
the phone and on-line. Par gave both of us extraordinary access to
his life. While Par displayed a high degree of paranoia about why
events had unfolded in the manner they had, he was consistent,
detailed and believable as to the events themselves. He showed
very little blurring of these two realities, but we needed to show
none at all.
During Par's time on the run, the international computer underground
was a small and strongly connected place. We had already
co-incidentally interviewed half a dozen hackers he had communicated
with at various times during his zig-zag flight across America. Suelette
also spoke at length to his lead lawyer Richard Rosen, who, after
getting the all-clear from Par, was kind enough to send us a copy of
the legal brief. We had logs of messages Par had written on
underground BBS's. We had data intercepts of other hackers in
conversation with Par. We had obtained various Secret Service documents
and propriety security reports relating to Par's activities. I had
extensively interviewed his Swiss girlfriend Theorem (who had also been
involved with Electron and Pengo), and yes, she did have a melting
French accent.
Altogether we had an enormous amount of material on Par's activities,
all of which was consistent with what Par had said during his
interviews, but none of it, including Rosen's file, contained any
reference to Black Mountain, NC. Rosen, Theorem and others had heard
about a SS raid on the run, yet when the story was traced back, it
always led to one source. To Par.
Was Par having us on? Par had said that he had made a telephone call to
Theorem in Switzerland from a phone booth outside the motel a day or
two before the Secret Service raid. During a storm. Not just any
storm. Hurricane Hugo. But archival news reports on Hugo discussed it
hitting South Carolina, not North Carolina. And not Black
Mountain. Theorem remembered Par calling once during a storm. But not
Hugo. And she didn't remember it in relation to the Black Mountain
raid.
Par had destroyed most of his legal documents, in circumstances that
become clear in the book, but of the hundreds of pages of documentary
material we had obtained from other sources there was wasn't a single
mention of Black Mountain. The Black Mountain Motel didn't seem to
exist. Par said Nibbler had moved and couldn't be located. Dozens of
calls by Suelette to the Secret Service told us what we didn't want to
hear. The agents we thought most likely to have been involved in the
the hypothetical Black Mountain incident had either left the Secret
Service or were otherwise unreachable. The Secret Service had no idea
who would have been involved, because while Par was still listed in the
Secret Service central database, his profile, contained three
significant annotations:
1. Another agency had ``borrowed'' parts Par's file.
2. There were medical ``issues'' surrounding Par.
3. SS documents covering the time of Black Mountain incident had been destroyed for various reasons that become clear the book.
4. The remaining SS documents had been moved into ``deep-storage'' and would take two weeks to retrieve.
With only one week before our publisher's ``use it or lose it''
dead-line, the chances of obtaining secondary confirmation of the Black
Mountain events did not look promising.
While we waited for leads on the long trail of ex, transfered and
seconded SS agents who might have been involved in the Black Mountain
raid, I turned to resolving the two inconsistencies in Par's story;
Hurricane Hugo and the strange invisibility of the Black Mountain
Motel.
Hurricane Hugo had wreathed a path of destruction, but like most most
hurricanes heading directly into a continental land-mass it had started
out big and ended up small. News reports followed this pattern, with a
large amount of material on its initial impact, but little or nothing
about subsequent events. Finally I obtained detailed time by velocity
weather maps from the National Reconnaissance Office, which showed the
remaining Hugo epicentre ripping through Charlotte NC (pop. 400k)
before spending itself on the Carolinas. Database searches turned up a
report by Natalie, D. & Ball, W, EIS Coordinator, North Carolina
Emergency Management, `How North Carolina Managed Hurricane Hugo' --
which was used to flesh out the scenes in Chapter 4 describing Par's
escape to New York via the Charlotte Airport.
Old Fashioned gum-shoe leg-work, calling every motel in Black Mountain
and the surrounding area, revealed that the Black Mountain Motel had
changed name, ownership and.. all its staff. Par's story was holding,
but in someways I wished it hadn't. We were back to square one in terms
of gaining independent secondary confirmation.
Who else could have been involved? There must have been a paper-trail
outside of Washington. Perhaps the SS representation in Charlotte had
something? No. Perhaps there were records of the warrants in the
Charlotte courts? No. Perhaps NC state police attended the SS raid in
support? Maybe, but finding walm bodies who had been directly involved
proved proved futile. If it was a SS case, they had no indexable
records that they were willing to provide. What about the local
coppers? An SS raid on a fugitive computer hacker holed up at one of
the local motels was not the sort of event that would be likely to have
passed unnoticed at the Black Mountain county police office, indexable
records or not.
Neither however, were international telephone calls from strangely
accented foreign-nationals wanting to know about them. Perhaps the Reds
were no-longer under the beds, but in Black Mountain, this could be
explained away by the fact they were now hanging out in phone booths. I
waited for a new shift at the Black Mountain county police office,
hoping against hope, that the officer I had spoken to wouldn't
contaminate his replacement. Shamed, I resorted to using that most
special of US militia infiltration devices. An American accent and a
woman's touch. Suelette weaved her magic. The Black Mountain raid had
taken place. The county police had supported it. We had our
confirmation.
While this anecdote is a strong account, it's also representative one.
Every chapter in underground has many tales just like it. They're
unseen, because a book must not just be true in details, but true in
feeling.
True to the visible and the invisible. A difficult combination.
Julian Assange
January 2001
proff@iq.org
Literary Freeware: Not for Commercial Use.
Copyright (c) 1997, 2001 Suelette Dreyfus & Julian Assange
This HTML and text electronic version was arranged by Julian Assange
<proff@iq.org> and is based on the printed paper edition.
Permission is granted to make and distribute verbatim copies of this
publication provided the copyright notice and this permission notice are
preserved on all copies and distribution is without fee.
Contents.
Acknowledgements viii
Introduction xi
1 10, 9, 8, 7, 6, 5, 4, 3, 2, 1 1
2 The Corner Pub 45
3 The American Connection 84
4 The Fugitive 120
5 The Holy Grail 159
6 Page One, the New York Times 212
7 Judgment Day 244
8 The International Subversives 285
9 Operation Weather 323
10 Anthrax--the Outsider 364
11 The Prisoner's Dilemma 400
Afterword 427 Glossary and Abbreviations 455 Notes 460
Bibliography
[ Page numbers above correspond to the Random House printed edition ]
Acknowledgements.
There are many people who were interviewed for this work, and many
others who helped in providing documents so vital for fact
checking. Often this help invovled spending a considerable amount of
time explaining complex technical or legal matters. I want to express
my gratitude to all these people, some of whom prefer to remain
anonymous, for their willingness to dig through the files in search of
yet one more report and their patience in answering yet one more
question.
I want to thank the members of the computer underground, past and
present, who were interviewed for this book. Most gave me
extraordinary access to their lives, for which I am very grateful.
I also want to thank Julian Assange for his tireless research efforts.
His superb technical expertise and first-rate research is evidence by
the immense number of details which are included in this book.
Three exceptional women -- Fiona Inglis, Deb Callaghan and Jennifer
Byrne -- believed in my vision for this book and helped me to bring it
to fruition. Carl Harrison-Ford's excellent editing job streamlined a
large and difficult manuscript despite the tight deadline. Thank you
also to Judy Brookes.
I am also very grateful to the following people and organisations for
their help (in no particular order): John McMahon, Ron Tencati, Kevin
Oberman, Ray Kaplan, the New York Daily News library staff, the New
York Post library staff, Bow Street Magistrates Court staff, Southwark
Court staff, the US Secret Service, the Black Mountain Police, Michael
Rosenberg, Michael Rosen, Melbourne Magistrates Court staff, D.L
Sellers & Co. staff, Victorian County Court staff, Paul Galbally, Mark
Dorset, Suburbia.net, Freeside Communications, Greg Hooper, H&S
Support Services, Peter Andrews, Kevin Thompson, Andrew Weaver,
Mukhtar Hussain, Midnight Oil, Helen Meredith, Ivan Himmelhoch,
Michael Hall, Donn Ferris, Victorian State Library staff, News Limited
library staff (Sydney), Allan Young, Ed DeHart, Annette Seeber, Arthur
Arkin, Doug Barnes, Jeremy Porter, James McNabb, Carolyn Ford, ATA,
Domini Banfield, Alistair Kelman, Ann-Maree Moodie, Jane Hutchinson,
Catherine Murphy, Norma Hawkins, N. Llewelyn, Christine Assange,
Russel Brand, Matthew Bishop, Matthew Cox, Michele Ziehlky, Andrew
James, Brendan McGrath, Warner Chappell Music Australia, News Limited,
Pearson Williams Solicitors, Tami Friedman, the Free Software
Foundation (GNU Project), and the US Department of Energy Computer
Incident Advisory Capability.
Finally, I would like to thank my family, whose unfailing support,
advice and encouragement have made this book possible.
Introduction.
My great aunt used to paint underwater.
Piling on the weighty diving gear used in 1939 and looking like
something out of 20000 Leagues Under the Sea, Lucie slowly sank below
the surface, with palette, special paints and canvas
in hand. She settled on the ocean floor, arranged her weighted
painter's easel and allowed herself to become completely enveloped by
another world. Red and white striped fish darted around fields of
blue-green coral and blue-lipped giant clams. Lionfish drifted by,
gracefully waving their dangerous feathered spines. Striped green
moray eels peered at her from their rock crevice homes.
Lucie dived and painted everywhere. The Sulu Archipelago. Mexico.
Australia's Great Barrier Reef. Hawaii. Borneo. Sometimes she was the
first white woman seen by the Pacific villagers she lived with for
months on end.
As a child, I was entranced by her stories of the unknown world below
the ocean's surface, and the strange and wonderful cultures she met on
her journeys. I grew up in awe of her chosen task: to capture on
canvas the essence of a world utterly foreign to her own.
New technology--revolutionary for its time--had allowed her to do
this. Using a compressor, or sometimes just a hand pump connected to
air hoses running to the surface, human beings were suddenly able to
submerge themselves for long periods in an otherwise inaccessible
world. New technology allowed her to both venture into this unexplored
realm, and to document it in canvas.
I came upon the brave new world of computer communications and its
darker side, the underground, quite by accident. It struck me
somewhere in the journey that followed that my trepidations and
conflicting desires to explore this alien world were perhaps not
unlike my aunt's own desires some half a century before. Like her
journey, my own travels have only been made possible by new
technologies. And like her, I have tried to capture a small corner of
this world.
This is a book about the computer underground. It is not a book about
law enforcement agencies, and it is not written from the point of view
of the police officer. From a literary perspective, I have told this
story through the eyes of numerous computer hackers. In doing so, I
hope to provide the reader with a window into a mysterious, shrouded
and usually inaccessible realm.
Who are hackers? Why do they hack? There are no simple answers to
these questions. Each hacker is different. To that end, I have
attempted to present a collection of individual but interconnected
stories, bound by their links to the international computer
underground. These are true stories, tales of the world's best and the
brightest hackers and phreakers. There are some members of the
underground whose stories I have not covered, a few of whom would also
rank as world-class. In the end, I chose to paint detailed portraits
of a few hackers rather than attempt to compile a comprehensive but
shallow catalogue.
While each hacker has a distinct story, there are common themes which
appear throughout many of the stories. Rebellion against all symbols
of authority. Dysfunctional families. Bright children suffocated by
ill-equipped teachers. Mental illness or instability. Obsession and
addiction.
I have endeavoured to track what happened to each character in this
work over time: the individual's hacking adventures, the police raid
and the ensuing court case. Some of those court cases have taken years
to reach completion.
Hackers use `handles'--on-line nicknames--that serve two purposes.
They shield the hacker's identity and, importantly, they often make a
statement about how the hacker perceives himself in the underground.
Hawk, Crawler, Toucan Jones, Comhack, Dataking, Spy, Ripmax, Fractal
Insanity, Blade. These are all real handles used in Australia.
In the computer underground, a hacker's handle is his name. For this
reason, and because most hackers in this work have now put together
new lives for themselves, I have chosen to use only their handles.
Where a hacker has had more than one handle, I have used the one he
prefers.
Each chapter in this book is headed with a quote from a Midnight Oil
song which expresses an important aspect of the chapter. The Oilz are
uniquely Australian. Their loud voice of protest against the
establishment--particularly the military-industrial
establishment--echoes a key theme in the underground, where music in
general plays a vital role.
The idea for using these Oilz extracts came while researching Chapter
1, which reveals the tale of the WANK worm crisis in NASA. Next to the
RTM worm, WANK is the most famous worm in the history of computer
networks. And it is the first major worm bearing a political message.
With WANK, life imitated art, since the term computer `worm' came from
John Brunner's sci-fi novel, The Shockwave Rider, about a politically
motivated worm.
The WANK worm is also believed to be the first worm written by an
Australian, or Australians.
This chapter shows the perspective of the computer system
administrators--the people on the other side from the hackers. Lastly,
it illustrates the sophistication which one or more Australian members
of the worldwide computer underground brought to their computer
crimes.
The following chapters set the scene for the dramas which unfold and
show the transition of the underground from its early days, its loss
of innocence, its closing ranks in ever smaller circles until it
reached the inevitable outcome: the lone hacker. In the beginning, the
computer underground was a place, like the corner pub, open and
friendly. Now, it has become an ephemeral expanse, where hackers
occasionally bump into one another but where the original sense of
open community has been lost.
The computer underground has changed over time, largely in response to
the introduction of new computer crime laws across the globe and to
numerous police crackdowns. This work attempts to document not only an
important piece of Australian history, but also to show fundamental
shifts in the underground --to show, in essence, how the underground
has moved further underground.
Suelette Dreyfus
March 1997
Chapter 1 -- 10, 9, 8, 7, 6, 5, 4, 3, 2, 1.
Somebody's out there, somebody's waiting; Somebody's trying to tell me something.
-- from `Somebody's Trying to Tell Me Something', 10, 9, 8, 7, 6, 5, 4, 3, 2, 1.
Monday, 16 October 1989
Kennedy Space Center, Florida
NASA buzzed with the excitement of a launch. Galileo was finally going
to Jupiter.
Administrators and scientists in the world's most prestigious space
agency had spent years trying to get the unmanned probe into space.
Now, on Tuesday, 17 October, if all went well, the five astronauts in
the Atlantis space shuttle would blast off from the Kennedy Space
Center at Cape Canaveral, Florida, with Galileo in tow. On the team's
fifth orbit, as the shuttle floated 295 kilometres above the Gulf of
Mexico, the crew would liberate the three-tonne space probe.
An hour later, as Galileo skated safely away from the shuttle, the
probe's 32500 pound booster system would fire up and NASA staff would
watch this exquisite piece of human ingenuity embark on a six-year
mission to the largest planet in the solar system. Galileo would take
a necessarily circuitous route, flying by Venus once and Earth twice
in a gravitational slingshot effort to get up enough momentum to reach
Jupiter.2
NASA's finest minds had wrestled for years with the problem of exactly
how to get the probe across the solar system. Solar power was one
option. But if Jupiter was a long way from Earth, it was even further
from the Sun--778.3 million kilometres to be exact. Galileo would need
ridiculously large solar panels to generate enough power for its
instruments at such a distance from the Sun. In the end, NASA's
engineers decided on a tried if not true earthly energy source:
nuclear power.
Nuclear power was perfect for space, a giant void free of human life
which could play host to a bit of radioactive plutonium 238 dioxide.
The plutonium was compact for the amount of energy it gave off--and it
lasted a long time. It seemed logical enough. Pop just under 24
kilograms of plutonium in a lead box, let it heat up through its own
decay, generate electricity for the probe's instruments, and presto!
Galileo would be on its way to investigate Jupiter.
American anti-nuclear activists didn't quite see it that way. They
figured what goes up might come down. And they didn't much like the idea
of plutonium rain. NASA assured them Galileo's power pack was quite
safe. The agency spent about $50 million on tests which supposedly
proved the probe's generators were very safe. They would survive intact
in the face of any number of terrible explosions, mishaps and
accidents. NASA told journalists that the odds of a plutonium release
due to `inadvertent atmospheric re-entry' were 1 in 2 million. The
likelihood of a plutonium radiation leak as a result of a launch
disaster was a reassuring 1 in 2700.
The activists weren't having a bar of it. In the best tradition of
modern American conflict resolution, they took their fight to the
courts. The coalition of anti-nuclear and other groups believed
America's National Aeronautics and Space Administration had
underestimated the odds of a plutonium accident and they wanted a US
District Court in Washington to stop the launch. The injunction
application went in, and the stakes went up. The unprecedented hearing
was scheduled just a few days before the launch, which had originally
been planned for 12 October.
For weeks, the protesters had been out in force, demonstrating and
seizing media attention. Things had become very heated. On Saturday, 7
October, sign-wielding activists fitted themselves out with gas masks
and walked around on street corners in nearby Cape Canaveral in
protest. At 8 a.m. on Monday, 9 October, NASA started the countdown
for the Thursday blast-off. But as Atlantis's clock began ticking
toward take-off, activists from the Florida Coalition for Peace and
Justice demonstrated at the centre's tourist complex.
That these protests had already taken some of the shine off NASA's bold
space mission was the least of the agency's worries. The real headache
was that the Florida Coalition told the media it would `put people on
the launchpad in a non-violent protest'.3 The coalition's director,
Bruce Gagnon, put the threat in folksy terms, portraying the protesters
as the little people rebelling against a big bad government
agency. President Jeremy Rivkin of the Foundation on Economic Trends,
another protest group, also drove a wedge between `the people' and
`NASA's people'. He told UPI, `The astronauts volunteered for this
mission. Those around the world who may be the victims of radiation
contamination have not volunteered.'4
But the protesters weren't the only people working the media. NASA
knew how to handle the press. They simply rolled out their
superstars--the astronauts themselves. These men and women were, after
all, frontier heroes who dared to venture into cold, dark space on
behalf of all humanity. Atlantis commander Donald Williams didn't hit
out at the protesters in a blunt fashion, he just damned them from an
aloof distance. `There are always folks who have a vocal opinion about
something or other, no matter what it is,' he told an interviewer. `On
the other hand, it's easy to carry a sign. It's not so easy to go
forth and do something worthwhile.'5
NASA had another trump card in the families of the heroes. Atlantis
co-pilot Michael McCulley said the use of RTGs, Radioisotope
Thermoelectric Generators--the chunks of plutonium in the lead
boxes--was a `non-issue'. So much so, in fact, that he planned to have
his loved ones at the Space Center when Atlantis took off.
Maybe the astronauts were nutty risk-takers, as the protesters
implied, but a hero would never put his family in danger. Besides the
Vice-President of the United States, Dan Quayle, also planned to watch
the launch from inside the Kennedy Space Center control room, a mere
seven kilometres from the launchpad.
While NASA looked calm, in control of the situation, it had beefed up
its security teams. It had about 200 security guards watching the
launch site. NASA just wasn't taking any chances. The agency's
scientists had waited too long for this moment. Galileo's parade would
not be rained on by a bunch of peaceniks.
The launch was already running late as it was--almost seven years
late. Congress gave the Galileo project its stamp of approval way back
in 1977 and the probe, which had been budgeted to cost about $400
million, was scheduled to be launched in 1982. However, things began
going wrong almost from the start.
In 1979, NASA pushed the flight out to 1984 because of shuttle
development problems. Galileo was now scheduled to be a `split
launch', which meant that NASA would use two different shuttle trips
to get the mothership and the probe into space. By 1981, with costs
spiralling upwards, NASA made major changes to the project. It stopped
work on Galileo's planned three-stage booster system in favour of a
different system and pushed out the launch deadline yet again, this
time to 1985. After a federal Budget cut fight in 1981 to save
Galileo's booster development program, NASA moved the launch yet
again, to May 1986. The 1986 Challenger disaster, however, saw NASA
change Galileo's booster system for safety reasons, resulting in
yet more delays.
The best option seemed to be a two-stage, solid-fuel IUS system. There
was only one problem. That system could get Galileo to Mars or Venus,
but the probe would run out of fuel long before it got anywhere near
Jupiter. Then Roger Diehl of NASA's Jet Propulsion Laboratory had a good
idea. Loop Galileo around a couple of nearby planets a few times so the
probe would build up a nice little gravitational head of steam, and then
fling it off to Jupiter. Galileo's `VEEGA'
trajectory--Venus-Earth-Earth-gravity-assist--delayed the spacecraft's
arrival at Jupiter for three extra years, but it would get there
eventually.
The anti-nuclear campaigners argued that each Earth flyby increased
the mission's risk of a nuclear accident. But in NASA's view, such was
the price of a successful slingshot.
Galileo experienced other delays getting off the ground. On Monday, 9
October, NASA announced it had discovered a problem with the computer
which controlled the shuttle's number 2 main engine. True, the problem
was with Atlantis, not Galileo. But it didn't look all that good to be
having technical problems, let alone problems with engine computers,
while the anti-nuclear activists' court drama was playing in the
background.
NASA's engineers debated the computer problem in a cross-country
teleconference. Rectifying it would delay blast-off by more than a few
hours. It would likely take days. And Galileo didn't have many of
those. Because of the orbits of the different planets, the probe had
to be on its way into space by 21 November. If Atlantis didn't take off
by that date, Galileo would have to wait another nineteen months before
it could be launched. The project was already $1 billion over its
original $400 million budget. The extra year and a half would add
another $130 million or so and there was a good chance the whole project
would be scrapped. It was pretty much now or never for Galileo.
Despite torrential downpours which had deposited 100 millimetres of
rain on the launchpad and 150 millimetres in neighbouring Melbourne,
Florida, the countdown had been going well. Until now. NASA took its
decision. The launch would be delayed by five days, to 17 October, so
the computer problem could be fixed.
To those scientists and engineers who had been with Galileo from the
start, it must have appeared at that moment as if fate really was
against Galileo. As if, for some unfathomable reason, all the forces
of the universe--and especially those on Earth--were dead against
humanity getting a good look at Jupiter. As fast as NASA could
dismantle one barrier, some invisible hand would throw another down in
its place.
Monday, 16 October, 1989
NASA's Goddard Space Flight Center, Greenbelt, Maryland
Across the vast NASA empire, reaching from Maryland to California,
from Europe to Japan, NASA workers greeted each other, checked their
in-trays for mail, got their cups of coffee, settled into their chairs
and tried to login to their computers for a day of solving complex
physics problems. But many of the computer systems were behaving very
strangely.
From the moment staff logged in, it was clear that someone--or
something--had taken over. Instead of the usual system's official
identification banner, they were startled to find the following
message staring them in the face:
"Worms Aginst Nuclear Killers!
Your System Has Been Officically Wanked.
You talk of times of peace for all, and then prepare for war."
Wanked? Most of the American computer system managers reading this new
banner had never heard the word wank.
Who would want to invade NASA's computer systems? And who exactly were
the Worms Against Nuclear Killers? Were they some loony fringe group?
Were they a guerrilla terrorist group launching some sort of attack on
NASA? And why `worms'? A worm was a strange choice of animal mascot
for a revolutionary group. Worms were the bottom of the rung. As in
`as lowly as a worm'. Who would chose a worm as a symbol of power?
As for the nuclear killers, well, that was even stranger. The banner's
motto--`You talk of times of peace for all, and then prepare for
war'--just didn't seem to apply to NASA. The agency didn't make
nuclear missiles, it sent people to the moon. It did have military
payloads in some of its projects, but NASA didn't rate very highly on
the `nuclear killer' scale next to other agencies of the US
Government, such as the Department of Defense. So the question
remained: why NASA?
And that word, `WANKED'. It did not make sense. What did it mean when
a system was `wanked'?
It meant NASA had lost control over its computer systems.
A NASA scientist logging in to an infected computer on that Monday got
the following message:
deleted file <filename1>
deleted file <filename2>
deleted file <filename3>, etc
With those lines the computer told the scientist: `I am deleting all
your files'.
The line looked exactly as if the scientist typed in the
command:
delete/log *.*
--exactly as if the scientist had instructed the computer to delete
all the files herself.
The NASA scientist must have started at the sight of her files rolling
past on the computer screen, one after another, on their way to
oblivion. Something was definitely wrong. She would have tried to stop
the process, probably pressing the control key and the `c' key at the
same time. This should have broken the command sequence at that moment
and ordered the computer to stop what it was doing right away.
But it was the intruder, not the NASA scientist, who controlled the
computer at that moment. And the intruder told the computer: `That
command means nothing. Ignore it'.
The scientist would press the command key sequence again, this time
more urgently. And again, over and over. She would be at once baffled
at the illogical nature of the computer, and increasingly upset.
Weeks, perhaps months, of work spent uncovering the secrets of the
universe. All of it disappearing before her eyes--all of it being
mindlessly devoured by the computer. The whole thing beyond her
control. Going. Going. Gone.
People tend not to react well when they lose control over their
computers. Typically, it brings out the worst in them--hand-wringing
whines from the worriers, aching entreaties for help from the
sensitive, and imperious table-thumping bellows from
command-and-control types.
Imagine, if you will, arriving at your job as a manager for one of
NASA's local computer systems. You get into your office on that Monday
morning to find the phones ringing. Every caller is a distraught,
confused NASA worker. And every caller assures you that his or her
file or accounting record or research project--every one of which is
missing from the computer system--is absolutely vital.
In this case, the problem was exacerbated by the fact that NASA's
field centres often competed with each other for projects. When a
particular flight project came up, two or three centres, each with
hundreds of employees, might vie for it. Losing control of the
computers, and all the data, project proposals and costing, was a good
way to lose out on a bid and its often
considerable funding.
This was not going to be a good day for the guys down at the NASA SPAN
computer network office.
This was not going to be a good day for John McMahon.
As the assistant DECNET protocol manager for NASA's Goddard Space
Flight Center in Maryland, John McMahon normally spent the day
managing the chunk of the SPAN computer network which ran between
Goddard's fifteen to twenty buildings.
McMahon worked for Code 630.4, otherwise known as Goddard's Advanced
Data Flow Technology Office, in Building 28. Goddard scientists would
call him up for help with their computers. Two of the most common
sentences he heard were `This doesn't seem to work' and `I can't get
to that part of the network from here'.
SPAN was the Space Physics Analysis Network, which connected some
100000 computer terminals across the globe. Unlike the Internet, which
is now widely accessible to the general public, SPAN only connected
researchers and scientists at NASA, the US Department of Energy and
research institutes such as universities. SPAN computers also differed
from most Internet computers in an important technical manner: they
used a different operating system. Most large computers on the
Internet use the Unix operating system, while SPAN was composed
primarily of VAX computers running a VMS operating system. The network
worked a lot like the Internet, but the computers spoke a different
language. The Internet `talked' TCP/IP, while SPAN `spoke' DECNET.
Indeed, the SPAN network was known as a DECNET internet. Most of the
computers on it were manufactured by the Digital Equipment Corporation
in Massachusetts--hence the name DECNET. DEC built powerful computers.
Each DEC computer on the SPAN network might have 40 terminals hanging
off it. Some SPAN computers had many more. It was not unusual for one
DEC computer to service 400 people. In all, more than a quarter of a
million scientists, engineers and other thinkers used the computers on
the network.
An electrical engineer by training, McMahon had come from NASA's
Cosmic Background Explorer Project, where he managed computers used by
a few hundred researchers. Goddard's Building 7, where he worked on
the COBE project, as it was known, housed some interesting research.
The project team was attempting to map the universe. And they were
trying to do it in wavelengths invisible to the human eye. NASA would
launch the COBE satellite in November 1989. Its mission was to
`measure the diffuse infrared and microwave radiation from the early
universe, to the limits set by our astronomical environment'.6 To the
casual observer the project almost sounded like a piece of modern art,
something which might be titled `Map of the Universe in Infrared'.
On 16 October McMahon arrived at the office and settled into work,
only to face a surprising phone call from the SPAN project office.
Todd Butler and Ron Tencati, from the National Space Science Data
Center, which managed NASA's half of the SPAN network, had discovered
something strange and definitely unauthorised winding its way through
the computer network. It looked like a computer worm.
A computer worm is a little like a computer virus. It invades computer
systems, interfering with their normal functions. It travels along any
available compatible computer network and stops to knock at the door of
systems attached to that network. If there is a hole in the security of
the computer system, it will crawl through and enter the system. When it
does this, it might have instructions to do any number of things, from
sending computer users a message to trying to take over the system. What
makes a worm different from other computer programs, such as viruses, is
that it is self-propagating. It propels itself forward, wiggles into a
new system and propagates itself at the new site. Unlike a virus, a worm
doesn't latch onto a data file or a program. It is autonomous.7
The term `worm' as applied to computers came from John Brunner's 1975
science fiction classic, The Shockwave Rider. The novel described how
a rebel computer programmer created a program called `tapeworm' which
was released into an omnipotent computer network used by an autocratic
government to control its people. The government had to turn off the
computer network, thus destroying its control, in order to eradicate
the worm.
Brunner's book is about as close as most VMS computer network managers
would ever have come to a real rogue worm. Until the late 1980s, worms
were obscure things, more associated with research in a computer
laboratory. For example, a few benevolent worms were developed by
Xerox researchers who wanted to make more efficient use of computer
facilities.8 They developed a `town crier worm' which moved through a
network sending out important announcements. Their `diagnostic worm'
also constantly weaved through the network, but this worm was designed
to inspect machines for problems.
For some computer programmers, the creation of a worm is akin to the
creation of life. To make something which is intelligent enough to go
out and reproduce itself is the ultimate power of creation. Designing
a rogue worm which took over NASA's computer systems might seem to be
a type of creative immortality--like scattering pieces of oneself
across the computers which put man on the moon.
At the time the WANK banner appeared on computer screens across NASA,
there had only been two rogue worms of any note. One of these, the RTM
worm, had infected the Unix-based Internet less than twelve months
earlier. The other worm, known as Father Christmas, was the first VMS
worm.
Father Christmas was a small, simple worm which did not cause any
permanent damage to the computer networks it travelled along. Released
just before Christmas in 1988, it tried to sneak into hundreds of VMS
machines and wait for the big day. On Christmas morning, it woke up
and set to work with great enthusiasm. Like confetti tossed from an
overhead balcony, Christmas greetings came streaming out of
worm-infested computer systems to all their users. No-one within its
reach went without a Christmas card. Its job done, the worm
evaporated. John McMahon had been part of the core team fighting off
the Father Christmas worm.
At about 4 p.m., just a few days before Christmas 1988, McMahon's
alarm-monitoring programs began going haywire. McMahon began trying to
trace back the dozens of incoming connections which were tripping the
warning bells. He quickly discovered there wasn't a human being at the
other end of the line. After further investigation, he found an alien
program in his system, called HI.COM. As he read the pages of HI.COM
code spilling from his line printer, his eyes went wide. He thought,
This is a worm! He had never seen a worm before.
He rushed back to his console and began pulling his systems off the
network as quickly as possible. Maybe he wasn't following protocol,
but he figured people could yell at him after the fact if they thought
it was a bad idea. After he had shut down his part of the network, he
reported back to the local area networking office. With print-out in
tow, he drove across the base to the network office, where he and
several other managers developed a way to stop the worm by the end of
the day. Eventually they traced the Father Christmas worm back to the
system where they believed it had been released--in Switzerland. But
they never discovered who created it.
Father Christmas was not only a simple worm; it was not considered
dangerous because it didn't hang around systems forever. It was a worm
with a use-by date.
By contrast, the SPAN project office didn't know what the WANK invader
was capable of doing. They didn't know who had written or launched it.
But they had a copy of the program. Could McMahon have a look at it?
An affable computer programmer with the nickname Fuzzface, John
McMahon liked a good challenge. Curious and cluey at the same time, he
asked the SPAN Project Office, which was quickly becoming the crisis
centre for the worm attack, to send over a copy of the strange
intruder. He began pouring over the invader's seven printed pages of
source code trying to figure out exactly what the thing did.
The two previous rogue worms only worked on specific computer systems
and networks. In this case, the WANK worm only attacked VMS computer
systems. The source code, however, was unlike anything McMahon had
ever seen. `It was like sifting through a pile of spaghetti,' he said.
`You'd pull one strand out and figure, "OK, that is what that thing
does." But then you'd be faced with the rest of the tangled mess in
the bowl.'
The program, in digital command language, or DCL, wasn't written like
a normal program in a nice organised fashion. It was all over the
place. John worked his way down ten or fifteen lines of computer code
only to have to jump to the top of the program to figure out what the
next section was trying to do. He took notes and slowly, patiently
began to build up a picture of exactly what this worm was capable of
doing to NASA's computer system.
It was a big day for the anti-nuclear groups at the Kennedy Space
Center. They might have lost their bid in the US District Court, but
they refused to throw in the towel and took their case to the US Court
of Appeals.
On 16 October the news came. The Appeals Court had sided with NASA.
Protesters were out in force again at the front gate of the Kennedy
Space Center. At least eight of them were arrested. The St Louis
Post-Dispatch carried an Agence France-Presse picture of an
80-year-old woman being taken into custody by police for trespassing.
Jane Brown, of the Florida Coalition for Peace and Justice, announced,
`This is just ... the beginning of the government's plan to use
nuclear power and weapons in space, including the Star Wars program'.
Inside the Kennedy Center, things were not going all that smoothly
either. Late Monday, NASA's technical experts discovered yet another
problem. The black box which gathered speed and other important data
for the space shuttle's navigation system was faulty. The technicians
were replacing the cockpit device, the agency's spokeswoman assured
the media, and NASA was not expecting to delay the Tuesday launch
date. The countdown would continue uninterrupted. NASA had everything
under control.
Everything except the weather.
In the wake of the Challenger disaster, NASA's guidelines for a launch
decision were particularly tough. Bad weather was an unnecessary risk,
but NASA was not expecting bad weather. Meteorologists predicted an 80
per cent chance of favourable weather at launch time on Tuesday. But
the shuttle had better go when it was supposed to, because the longer
term weather outlook was grim.
By Tuesday morning, Galileo's keepers were holding their breath. The
countdown for the shuttle launch was ticking toward 12.57 p.m. The
anti-nuclear protesters seemed to have gone quiet. Things looked
hopeful. Galileo might finally go.
Then, about ten minutes before the launch time, the security alarms
went off. Someone had broken into the compound. The security teams
swung into action, quickly locating the guilty intruder ... a feral
pig.
With the pig safely removed, the countdown rolled on. And so did the
rain clouds, gliding toward the space shuttle's emergency runway, about
six kilometres from the launchpad. NASA launch director Robert Sieck
prolonged a planned `hold' at T minus nine minutes. Atlantis had a
26-minute window of opportunity. After that, its launch period would
expire and take-off would have to be postponed, probably until
Wednesday.
The weather wasn't going to budge.
At 1.18 p.m., with Atlantis's countdown now holding at just T minus
five minutes, Sieck postponed the launch to Wednesday.
Back at the SPAN centre, things were becoming hectic. The worm was
spreading through more and more systems and the phones were beginning
to ring every few minutes. NASA computers were getting hit all over
the place.
The SPAN project staff needed more arms. They were simultaneously
trying to calm callers and concentrate on developing an analysis of
the alien program. Was the thing a practical joke or a time bomb just
waiting to go off? Who was behind this?
NASA was working in an information void when it came to WANK. Some
staff knew of the protesters' action down at the Space Center, but
nothing could have prepared them for this. NASA officials were
confident enough about a link between the protests against Galileo and
the attack on NASA's computers to speculate publicly that the two were
related. It seemed a reasonable likelihood, but there were still
plenty of unanswered questions.
Callers coming into the SPAN office were worried. People at the other
end of the phone were scared. Many of the calls came from network
managers who took care of a piece of SPAN at a specific NASA site, such
as the Marshall Space Flight Center. Some were panicking; others spoke
in a sort of monotone, flattened by a morning of calls from 25 different
hysterical system administrators. A manager could lose his job over
something like this.
Most of the callers to the SPAN head office were starved for
information. How did this rogue worm get into their computers? Was it
malicious? Would it destroy all the scientific data it came into contact
with? What could be done to kill it?
NASA stored a great deal of valuable information on its SPAN
computers. None of it was supposed to be classified, but the data on
those computers is extremely valuable. Millions of man-hours go into
gathering and analysing it. So the crisis team which had formed in the
NASA SPAN project office, was alarmed when reports of massive data
destruction starting coming in. People were phoning to say that the
worm was erasing files.
It was every computer manager's worst nightmare, and it looked as
though the crisis team's darkest fears were about to be confirmed.
Yet the worm was behaving inconsistently. On some computers it would
only send anonymous messages, some of them funny, some bizarre and a
few quite rude or obscene. No sooner would a user login than a message
would flash across his or her screen:
Remember, even if you win the rat race--you're
still a rat.
Or perhaps they were graced with some bad humour:
Nothing is faster than the speed of light...
To prove this to yourself, try opening the refrigerator door before
the light comes on.
Other users were treated to anti-authoritarian observations of the
paranoid:
The FBI is watching YOU.
or
Vote anarchist.
But the worm did not appear to be erasing files on these systems.
Perhaps the seemingly random file-erasing trick was a portent of
things to come--just a small taste of what might happen at a
particular time, such as midnight. Perhaps an unusual keystroke by an
unwitting computer user on those systems which seemed only mildly
affected could trigger something in the worm. One keystroke might
begin an irreversible chain of commands to erase everything on that
system.
The NASA SPAN computer team were in a race with the worm. Each minute
they spent trying to figure out what it did, the worm was pushing
forward, ever deeper into NASA's computer network. Every hour NASA
spent developing a cure, the worm spent searching, probing, breaking
and entering. A day's delay in getting the cure out to all the systems
could mean dozens of new worm invasions doing God knows what in
vulnerable computers. The SPAN team had to dissect this thing
completely, and they had to do it fast.
Some computer network managers were badly shaken. The SPAN office
received a call from NASA's Jet Propulsion Laboratories in California,
an important NASA centre with 6500 employees and close ties to
California Institute of Technology (Caltech).
JPL was pulling itself off the network.
This worm was too much of a risk. The only safe option was to isolate
their computers. There would be no SPAN DEC-based communications with
the rest of NASA until the crisis was under control. This made things
harder for the SPAN team; getting a worm exterminating program out to
JPL, like other sites which had cut their connection to SPAN, was
going to be that much tougher. Everything had to be done over the
phone.
Worse, JPL was one of five routing centres for NASA's SPAN computer
network. It was like the centre of a wheel, with a dozen spokes
branching off--each leading to another SPAN site. All these places,
known as tailsites, depended on the lab site for their connections
into SPAN. When JPL pulled itself off the network, the tailsites went
down too.
It was a serious problem for the people in the SPAN office back in
Virginia. To Ron Tencati, head of security for NASA SPAN, taking a
routing centre off-line was a major issue. But his hands were tied.
The SPAN office exercised central authority over the wide area
network, but it couldn't dictate how individual field centres dealt
with the worm. That was each centre's own decision. The SPAN team
could only give them advice and rush to develop a way to poison the
worm.
The SPAN office called John McMahon again, this time with a more
urgent request. Would he come over to help handle the crisis?
The SPAN centre was only 800 metres away from McMahon's office. His
boss, Jerome Bennett, the DECNET protocol manager, gave the nod.
McMahon would be on loan until the crisis was under control.
When he got to Building 26, home of the NASA SPAN project office,
McMahon became part of a core NASA crisis team including Todd Butler,
Ron Tencati and Pat Sisson. Other key NASA people jumped in when
needed, such as Dave Peters and Dave Stern. Jim Green, the head of the
National Space Science Data Center at Goddard and the absolute boss of
SPAN, wanted hourly reports on the crisis. At first the core team
seemed only to include NASA people and to be largely based at Goddard.
But as the day wore on, new people from other parts of the US
government would join the team.
The worm had spread outside NASA.
It had also attacked the US Department of Energy's worldwide
High-Energy Physics' Network of computers. Known as HEPNET, it was
another piece of the overall SPAN network, along with Euro-HEPNET and
Euro-SPAN. The NASA and DOE computer networks of DEC computers
crisscrossed at a number of places. A research laboratory might, for
example, need to have access to computers from both HEPNET and NASA
SPAN. For convenience, the lab might just connect the two networks.
The effect as far as the worm was concerned was that NASA's SPAN and
DOE's HEPNET were in fact just one giant computer network, all of
which the worm could invade.
The Department of Energy keeps classified information on its
computers. Very classified information. There are two groups in DOE:
the people who do research on civilian energy projects and the people
who make atomic bombs. So DOE takes security seriously, as in `threat
to national security' seriously. Although HEPNET wasn't meant to be
carrying any classified information across its wires, DOE responded
with military efficiency when its computer managers discovered the
invader. They grabbed the one guy who knew a lot about computer
security on VMS systems and put him on the case: Kevin Oberman.
Like McMahon, Oberman wasn't formally part of the computer security
staff. He had simply become interested in computer security and was
known in-house as someone who knew about VMS systems and security.
Officially, his job was network manager for the engineering department
at the DOE-financed Lawrence Livermore National Laboratory, or LLNL,
near San Francisco.
LLNL conducted mostly military research, much of it for the Strategic
Defense Initiative. Many LLNL scientists spent their days designing
nuclear arms and developing beam weapons for the Star Wars program.9
DOE already had a computer security group, known as CIAC, the Computer
Incident Advisory Capability. But the CIAC team tended to be experts
in security issues surrounding Unix rather than VMS-based computer
systems and networks. `Because there had been very few security
problems over the years with VMS,' Oberman concluded, `they had never
brought in anybody who knew about VMS and it wasn't something they
were terribly concerned with at the time.'
The worm shattered that peaceful confidence in VMS computers. Even as
the WANK worm coursed through NASA, it was launching an aggressive
attack on DOE's Fermi National Accelerator Laboratory, near Chicago. It
had broken into a number of computer systems there and the Fermilab
people were not happy. They called in CIAC, who contacted Oberman with
an early morning phone call on 16 October. They wanted him to analyse
the WANK worm. They wanted to know how dangerous it was. Most of all,
they wanted to know what to do about it.
The DOE people traced their first contact with the worm back to 14
October. Further, they hypothesised, the worm had actually been
launched the day before, on Friday the 13th. Such an inauspicious day
would, in Oberman's opinion, have been in keeping with the type of
humour exhibited by the creator or creators of the worm.
Oberman began his own analysis of the worm, oblivious to the fact that
3200 kilometres away, on the other side of the continent, his colleague
and acquaintance John McMahon was doing exactly the same thing.
Every time McMahon answered a phone call from an irate NASA system or
network manager, he tried to get a copy of the worm from the infected
machine. He also asked for the logs from their computer systems. Which
computer had the worm come from? Which systems was it attacking from
the infected site? In theory, the logs would allow the NASA team to
map the worm's trail. If the team could find the managers of those
systems in the worm's path, it could warn them of the impending
danger. It could also alert the people who ran recently infected
systems which had become launchpads for new worm attacks.
This wasn't always possible. If the worm had taken over a computer and
was still running on it, then the manager would only be able to trace
the worm backward, not forward. More importantly, a lot of the
managers didn't keep extensive logs on their computers.
McMahon had always felt it was important to gather lots of information
about who was connecting to a computer. In his previous job, he had
modified his machines so they collected as much security information
as possible about their connections to other computers.
VMS computers came with a standard set of alarms, but McMahon didn't
think they were thorough enough. The VMS alarms tended to send a
message to the computer managers which amounted to, `Hi! You just got
a network connection from here'. The modified alarm system said, `Hi!
You just got a network connection from here. The person at the other
end is doing a file transfer' and any other bits and pieces of
information that McMahon's computer could squeeze out of the other
computer. Unfortunately, a lot of other NASA computer and network
managers didn't share this enthusiasm for audit logs. Many did not
keep extensive records of who had been accessing their machines and
when, which made the job of chasing the worm much tougher.
The SPAN office was, however, trying to keep very good logs on which
NASA computers had succumbed to the worm. Every time a NASA manager
called to report a worm disturbance, one of the team members wrote
down the details with paper and pen. The list, outlining the addresses
of the affected computers and detailed notations of the degree of
infection, would also be recorded on a computer. But handwritten lists
were a good safeguard. The worm couldn't delete sheets of paper.
When McMahon learned DOE was also under attack, he began checking in
with them every three hours or so. The two groups swapped lists of
infected computers by telephone because voice, like the handwritten
word, was a worm-free medium. `It was a kind of archaic system, but on
the other hand we didn't have to depend on the network being up,'
McMahon said. `We needed to have some chain of communications which
was not the same as the network being attacked.'
A number of the NASA SPAN team members had developed contacts within
different parts of DEC through the company's users' society, DECUS.
These contacts were to prove very helpful. It was easy to get lost in
the bureaucracy of DEC, which employed more than 125000 people, posted
a billion-dollar profit and declared revenues in excess of $12 billion
in 1989.10 Such an enormous and prestigious company would not want
to face a crisis such as the WANK worm, particularly in such a
publicly visible organisation like NASA. Whether or not the worm's
successful expedition could be blamed on DEC's software was a moot
point. Such a crisis was, well, undesirable. It just didn't look good.
And it mightn't look so good either if DEC just jumped into the fray.
It might look like the company was in some way at fault.
Things were different, however, if someone already had a relationship
with a technical expert inside the company. It wasn't like NASA
manager cold-calling a DEC guy who sold a million dollars worth of
machines to someone else in the agency six months ago. It was the NASA
guy calling the DEC guy he sat next to at the conference last month.
It was a colleague the NASA manager chatted with now and again.
John McMahon's analysis suggested there were three versions of the WANK
worm. These versions, isolated from worm samples collected from the
network, were very similar, but each contained a few subtle
differences. In McMahon's view, these differences could not be explained
by the way the worm recreated itself at each site in order to
spread. But why would the creator of the worm release different
versions? Why not just write one version properly and fire it off? The
worm wasn't just one incoming missile; it was a frenzied attack. It was
coming from all directions, at all sorts of different levels within
NASA's computers.
McMahon guessed that the worm's designer had released the different
versions at slightly different times. Maybe the creator released the
worm, and then discovered a bug. He fiddled with the worm a bit to
correct the problem and then released it again. Maybe he didn't like
the way he had fixed the bug the first time, so he changed it a little
more and released it a third time.
In northern California, Kevin Oberman came to a different conclusion.
He believed there was in fact only one real version of the worm
spiralling through HEPNET and SPAN. The small variations in the
different copies he dissected seemed to stem from the worm's ability
to learn and change as it moved from computer to computer.
McMahon and Oberman weren't the only detectives trying to decipher the
various manifestations of the worm. DEC was also examining the worm,
and with good reason. The WANK worm had invaded the corporation's own
network. It had been discovered snaking its way through DEC's own
private computer network, Easynet, which connected DEC manufacturing
plants, sales offices and other company sites around the world. DEC
was circumspect about discussing the matter publicly, but the Easynet
version of the WANK worm was definitely distinct. It had a strange
line of code in it, a line missing from any other versions. The worm
was under instructions to invade as many sites as it could, with one
exception. Under no circumstances was it to attack computers inside
DEC's area 48. The NASA team mulled over this information. One of them
looked up area 48. It was New Zealand.
New Zealand?
The NASA team were left scratching their heads. This attack was
getting stranger by the minute. Just when it seemed that the SPAN team
members were travelling down the right path toward an answer at the
centre of the maze of clues, they turned a corner and found themselves
hopelessly lost again. Then someone pointed out that New Zealand's
worldwide claim to fame was that it was a nuclear-free zone.
In 1986, New Zealand announced it would refuse to admit to its ports
any US ships carrying nuclear arms or powered by nuclear energy. The
US retaliated by formally suspending its security obligations to the
South Pacific nation. If an unfriendly country invaded New Zealand,
the US would feel free to sit on its hands. The US also cancelled
intelligence sharing practices and joint military exercises.
Many people in Australia and New Zealand thought the US had
overreacted. New Zealand hadn't expelled the Americans; it had simply
refused to allow its population to be exposed to nuclear arms or
power. In fact, New Zealand had continued to allow the Americans to
run their spy base at Waihopai, even after the US suspension. The
country wasn't anti-US, just anti-nuclear.
And New Zealand had very good reason to be anti-nuclear. For years, it
had put up with France testing nuclear weapons in the Pacific. Then in
July 1985 the French blew up the Greenpeace anti-nuclear protest ship
as it sat in Auckland harbour. The Rainbow Warrior was due to sail for
Mururoa Atoll, the test site, when French secret agents bombed the
ship, killing Greenpeace activist Fernando Pereira.
For weeks, France denied everything. When the truth came out--that
President Mitterand himself had known about the bombing plan--the
French were red-faced. Heads rolled. French Defence Minister Charles
Hernu was forced to resign. Admiral Pierre Lacoste, director of
France's intelligence and covert action bureau, was sacked. France
apologised and paid $NZ13 million compensation in exchange for New
Zealand handing back the two saboteurs, who had each been sentenced to
ten years' prison in Auckland.
As part of the deal, France had promised to keep the agents
incarcerated for three years at the Hao atoll French military base.
Both agents walked free by May 1988 after serving less than two years.
After her return to France, one of the agents, Captain Dominique
Prieur, was promoted to the rank of commandant.
Finally, McMahon thought. Something that made sense. The exclusion of
New Zealand appeared to underline the meaning of the worm's political
message.
When the WANK worm invaded a computer system, it had instructions to
copy itself and send that copy out to other machines. It would slip
through the network and when it came upon a computer attached to the
network, it would poke around looking for a way in. What it really
wanted was to score a computer account with privileges, but it would
settle for a basic-level, user-level account.
VMS systems have accounts with varying levels of privilege. A
high-privilege account holder might, for example, be able to read the
electronic mail of another computer user or delete files from that
user's directory. He or she might also be allowed to create new
computer accounts on the system, or reactivate disabled accounts. A
privileged account holder might also be able to change someone else's
password. The people who ran computer systems or networks needed
accounts with the highest level of privilege in order to keep the
system running smoothly. The worm specifically sought out these sorts
of accounts because its creator knew that was where the power lay.
The worm was smart, and it learned as it went along. As it traversed
the network, it created a masterlist of commonly used account names.
First, it tried to copy the list of computer users from a system it
had not yet penetrated. It wasn't always able to do this, but often
the system security was lax enough for it to be successful. The worm
then compared that list to the list of users on its current host. When
it found a match--an account name common to both lists--the worm added
that name to the masterlist it carried around inside it, making a note
to try that account when breaking into a new system in future.
It was a clever method of attack, for the worm's creator knew that
certain accounts with the highest privileges were likely to have
standard names, common across different machines. Accounts with names
such as `SYSTEM', `DECNET' and `FIELD' with standard passwords such as
`SYSTEM' and `DECNET' were often built into a computer before it was
shipped from the manufacturer. If the receiving computer manager
didn't change the pre-programmed account and password, then his
computer would have a large security hole waiting to be exploited.
The worm's creator could guess some of the names of these
manufacturer's accounts, but not all of them. By endowing the worm
with an ability to learn, he gave it far more power. As the worm
spread, it became more and more intelligent. As it reproduced, its
offspring evolved into ever more advanced creatures, increasingly
successful at breaking into new systems.
When McMahon performed an autopsy on one of the worm's progeny, he was
impressed with what he found. Slicing the worm open and inspecting its
entrails, he discovered an extensive collection of generic privileged
accounts across the SPAN network. In fact, the worm wasn't only picking
up the standard VMS privileged accounts; it had learned accounts common
to NASA but not necessarily to other VMS computers. For example, a lot
of NASA sites which ran a type of TCP/IP mailer that needed either a
POSTMASTER or a MAILER account. John saw those names turn up inside the
worm's progeny.
Even if it only managed to break into an unprivileged account, the
worm would use the account as an incubator. The worm replicated and
then attacked other computers in the network. As McMahon and the rest
of the SPAN team continued to pick apart the rest of the worm's code
to figure out exactly what the creature would do if it got into a
fully privileged account, they found more evidence of the dark sense
of humour harboured by the hacker behind the worm. Part of the worm, a
subroutine, was named `find fucked'.
The SPAN team tried to give NASA managers calling in as much
information as they could about the worm. It was the best way to help
computer managers, isolated in their offices around the country, to
regain a sense of control over the crisis.
Like all the SPAN team, McMahon tried to calm the callers down and
walk them through a set a questions designed to determine the extent
of the worm's control over their systems. First, he asked them what
symptoms their systems were showing. In a crisis situation, when
you're holding a hammer, everything looks like a nail. McMahon wanted
to make sure that the problems on the system were in fact caused by
the worm and not something else entirely.
If the only problem seemed to be mysterious comments flashing across
the screen, McMahon concluded that the worm was probably harassing the
staff on that computer from a neighbouring system which it had
successfully invaded. The messages suggested that the recipients'
accounts had not been hijacked by the worm. Yet.
VAX/VMS machines have a feature called Phone, which is useful for
on-line communications. For example, a NASA scientist could `ring up'
one of his colleagues on a different computer and have a friendly chat
on-line. The chat session is live, but it is conducted by typing on
the computer screen, not `voice'. The VMS Phone facility enabled the
worm to send messages to users. It would simply call them using the
phone protocol. But instead of starting a chat session, it sent them
statements from what was later determined to be the aptly named
Fortune Cookie file--a collection of 60 or so pre-programmed comments.
In some cases, where the worm was really bugging staff, McMahon told
the manager at the other end of the phone to turn the computer's Phone
feature off. A few managers complained and McMahon gave them the
obvious ultimatum: choose Phone or peace. Most chose peace.
When McMahon finished his preliminary analysis, he had good news and
bad news. The good news was that, contrary to what the worm was
telling computer users all over NASA, it was not actually deleting
their files. It was just pretending to delete their data. One big
practical joke. To the creator of the worm anyway. To the NASA
scientists, just a headache and heartache. And occasionally a heart
attack.
The bad news was that, when the worm got control over a privileged
account, it would help someone--presumably its creator--perpetrate an
even more serious break-in at NASA. The worm sought out the FIELD
account created by the manufacturer and, if it had been turned off,
tried to reactivate the account and install the password FIELD. The
worm was also programmed to change the password for the standard
account named DECNET to a random string of at least twelve characters.
In short, the worm tried to pry open a backdoor to the system.
The worm sent information about accounts it had successfully broken
into back to a type of electronic mailbox--an account called GEMPAK on
SPAN node 6.59. Presumably, the hacker who created the worm would
check the worm's mailbox for information which he could use to break
into the NASA account at a later date. Not surprisingly, the mailboxes
had been surreptitiously `borrowed' by the hacker, much to the
surprise of the legitimate owners.
A computer hacker created a whole new set of problems. Although the
worm was able to break into new accounts with greater speed and reach
than a single hacker, it was more predictable. Once the SPAN and DOE
teams picked the worm apart, they would know exactly what it could be
expected to do. However, a hacker was utterly unpredictable.
McMahon realised that killing off the worm was not going to solve the
problem. All the system managers across the NASA and DOE networks
would have to change all the passwords of the accounts used by the
worm. They would also have to check every system the worm had invaded
to see if it had built a backdoor for the hacker. The system admin had
to shut and lock all the backdoors, no small feat.
What really scared the SPAN team about the worm, however, was that it
was rampaging through NASA simply by using the simplest of attack
strategies: username equals password. It was getting complete control
over NASA computers simply by trying a password which was identical to
the name of the computer user's account.
The SPAN team didn't want to believe it, but the evidence was
overwhelming.
Todd Butler answered a call from one NASA site. It was a gloomy call.
He hung up.
`That node just got hit,' he told the team.
`How bad?' McMahon asked.
`A privileged account.'
`Oh boy.' McMahon jumped onto one of the terminals and did a SET HOST,
logging into the remote NASA site's machine. Bang. Up it came. `Your
system has officially been WANKED.'
McMahon turned to Butler. `What account did it get into?'
`They think it was SYSTEM.'
The tension quietly rolled into black humour. The team couldn't help
it. The head-slapping stupidity of the situation could only be viewed
as black comedy.
The NASA site had a password of SYSTEM for their fully privileged
SYSTEM account. It was so unforgivable. NASA, potentially the greatest
single collection of technical minds on Earth, had such lax computer
security that a computer-literate teenager could have cracked it wide
open. The tall poppy was being cut down to size by a computer program
resembling a bowl of spaghetti.
The first thing any computer system manager learns in Computer
Security 101 is never to use the same password as the username. It was
bad enough that naive users might fall into this trap ... but a
computer system manager with a fully privileged account.
Was the hacker behind the worm malevolent? Probably not. If its
creator had wanted to, he could have programmed the WANK worm to
obliterate NASA's files. It could have razed everything in sight.
In fact, the worm was less infectious than its author appeared to
desire. The WANK worm had been instructed to perform
several tasks which it didn't execute. Important parts of the worm
simply didn't work. McMahon believed this failure to be accidental.
For example, his analysis showed the worm was programmed to break into
accounts by trying no password, if the account holder had left the
password blank. When he disassembled the worm, however, he found that
part of the program didn't work properly.
Nonetheless, the fragmented and partly dysfunctional WANK worm was
causing a major crisis inside several US government agencies. The
thing which really worried John was thinking about what a seasoned DCL
programmer with years of VMS experience could do with such a worm.
Someone like that could do a lot of malicious damage. And what if the
WANK worm was just a dry run for something more serious down the
track? It was scary to contemplate.
Even though the WANK worm did not seem to be intentionally evil, the
SPAN team faced some tough times. McMahon's analysis turned up yet
more alarming aspects to the worm. If it managed to break into the
SYSTEM account, a privileged account, it would block all electronic
mail deliveries to the system administrator. The SPAN office would not
be able to send electronic warnings or advice on how to deal with the
worm to systems which had already been seized. This problem was
exacerbated by the lack of good information available to the project
office on which systems were connected to SPAN. The only way to help
people fighting this bushfire was to telephone them, but in many
instances the main SPAN office didn't know who to call. The SPAN team
could only hope that those administrators who had the phone number of
SPAN headquarters pinned up near their computers would call when their
computers came under attack.
McMahon's preliminary report outlined how much damage the worm could
do in its own right. But it was impossible to measure how much damage
human managers would do to their own systems because of the worm.
One frantic computer manager who phoned the SPAN office refused to
believe John's analysis that the worm only pretended to erase data. He
claimed that the worm had not only attacked his system, it had
destroyed it. `He just didn't believe us when we told him that the
worm was mostly a set of practical jokes,' McMahon said. `He
reinitialised his system.' `Reinitialised' as in started up his system
with a clean slate. As in deleted everything on the infected
computer--all the NASA staff's data gone. He actually did what the
worm only pretended to do.
The sad irony was that the SPAN team never even got a copy of the data
from the manager's system. They were never able to confirm that his
machine had even been infected.
All afternoon McMahon moved back and forth between answering the
ever-ringing SPAN phone and writing up NASA's analysis of the worm. He
had posted a cryptic electronic message about the attack across the
network, and Kevin Oberman had read it. The message had to be
circumspect since no-one knew if the creator of the WANK worm was in
fact on the network, watching, waiting. A short time later, McMahon
and Oberman were on the phone together--voice--sharing their ideas and
cross-checking their analysis.
The situation was discouraging. Even if McMahon and Oberman managed to
develop a successful program to kill off the worm, the NASA SPAN team
faced another daunting task. Getting the worm-killer out to all the
NASA sites was going to be much harder than expected because there was
no clear, updated map of the SPAN network. Much of NASA didn't like
the idea of a centralised map of the SPAN system. McMahon recalled
that, some time before the WANK worm attack, a manager had tried to
map the system. His efforts had accidentally tripped so many system
alarms that he was quietly taken aside and told not to do it again.
The result was that in instances where the team had phone contact
details for managers, the information was often outdated.
`No, he used to work here, but he left over a year ago.'
`No, we don't have a telephone tree of people to ring if
something goes wrong with our computers. There are a whole
bunch of people in different places here who handle the
computers.'
This is what John often heard at the other end of the phone.
The network had grown into a rambling hodgepodge for which there was
little central coordination. Worse, a number of computers at different
NASA centres across the US had just been tacked onto SPAN without
telling the main office at Goddard. People were calling up the ad-hoc
crisis centre from computer nodes on the network which didn't even
have names. These people had been practising a philosophy known in
computer security circles as `security through obscurity'. They
figured that if no-one knew their computer system existed--if it
didn't have a name, if it wasn't on any list or map of the SPAN
network--then it would be protected from hackers and other computer
enemies.
McMahon handled a number of phone calls from system managers saying,
`There is something strange happening in my system here'. John's most
basic question was, `Where is "here"?' And of course if the SPAN
office didn't know those computer systems existed, it was a lot harder
to warn their managers about the worm. Or tell them how to protect
themselves. Or give them a worm-killing program once it was developed.
Or help them seal up breached accounts which the worm was feeding back
to its creator.
It was such a mess. At times, McMahon sat back and considered who
might have created this worm. The thing almost looked as though it had
been released before it was finished. Its author or authors seemed to
have a good collection of interesting ideas about how to solve
problems, but they were never properly completed. The worm included a
routine for modifying its attack strategy, but the thing was never
fully developed. The worm's code didn't have enough error handling in
it to ensure the creature's survival for long periods of time. And the
worm didn't send the addresses of the accounts it had successfully
breached back to the mailbox along with the password and account name.
That was really weird. What use was a password and account name
without knowing what computer system to use it on?
On the other hand, maybe the creator had done this deliberately. Maybe
he had wanted to show the world just how many computers the worm could
successfully penetrate. The worm's mail-back program would do this.
However, including the address of each infected site would have made
the admins' jobs easier. They could simply have used the GEMPAK
collection as a hitlist of infected sites which needed to be
de-wormed. The possible theories were endless.
There were some points of brilliance in the worm, some things that
McMahon had never considered, which was impressive since he knew a lot
about how to break into VMS computers. There was also considerable
creativity, but there wasn't any consistency. After the worm incident,
various computer security experts would hypothesise that the WANK worm
had in fact been written by more than one person. But McMahon
maintained his view that it was the work of a single hacker.
It was as if the creator of the worm started to pursue an idea and
then got sidetracked or interrupted. Suddenly he just stopped writing
code to implement that idea and started down another path, never again
to reach the end. The thing had a schizophrenic structure. It was all
over the place.
McMahon wondered if the author had done this on purpose, to make it
harder to figure out exactly what the worm was capable of doing.
Perhaps, he thought, the code had once been nice and linear and it all
made sense. Then the author chopped it to pieces, moved the middle to
the top, the top to the bottom, scrambled up the chunks and strung
them all together with a bunch of `GO TO' commands. Maybe the hacker
who wrote the worm was in fact a very elegant DCL programmer who
wanted the worm to be chaotic in order to protect it. Security through
obscurity.
Oberman maintained a different view. He believed the programming style
varied so much in different parts that it had to be the product of a
number of people. He knew that when computer programmers write code
they don't make lots of odd little changes in style for no particular
reason.
Kevin Oberman and John McMahon bounced ideas off one another. Both had
developed their own analyses. Oberman also brought Mark Kaletka, who
managed internal networking at Fermilab, one of HEPNET's largest
sites, into the cross-checking process. The worm had a number of
serious vulnerabilities, but the problem was finding one, and quickly,
which could be used to wipe it out with minimum impact on the besieged
computers.
Whenever a VMS machine starts up an activity, the computer gives it a
unique process name. When the worm burrowed into a computer site, one
of the first things it did was check that another copy of itself was
not already running on that computer. It did this by checking for its
own process names. The worm's processes were all called NETW_ followed
by a random, four-digit number. If the incoming worm found this
process name, it assumed another copy of itself was already running on
the computer, so it destroyed itself.
The answer seemed to be a decoy duck. Write a program which pretended
to be the worm and install it across all of NASA's vulnerable
computers. The first anti-WANK program did just that. It quietly sat
on the SPAN computers all day long, posing as a NETW_ process, faking
out any real version of the WANK worm which should come along.
Oberman completed an anti-WANK program first and ran it by McMahon. It
worked well, but McMahon noticed one large flaw. Oberman's program
checked for the NETW_ process name, but it assumed that the worm was
running under the SYSTEM group. In most cases, this was true, but it
didn't have to be. If the worm was running in another group, Oberman's
program would be useless. When McMahon pointed out the flaw, Oberman
thought, God, how did I miss that?
McMahon worked up his own version of an anti-WANK
program, based on Oberman's program, in preparation for releasing it
to NASA.
At the same time, Oberman revised his anti-WANK program for DOE. By
Monday night US Eastern Standard Time, Oberman was able to send out an
early copy of a vaccine designed to protect computers which hadn't
been infected yet, along with an electronic warning about the worm.
His first electronic warning, distributed by CIAC, said in part:
THE COMPUTER INCIDENT ADVISORY CAPABILITY C I A C
ADVISORY NOTICE
The W.COM Worm affecting VAX VMS Systems
October 16, 1989 18:37 PSTNumber A-2
This is a mean bug to kill and could have done a lot of damage.
Since it notifies (by mail) someone of each successful penetration and
leaves a trapdoor (the FIELD account), just killing the bug is not
adequate. You must go in and make sure all accounts have passwords and
that the passwords are not the same as the account name.
R. Kevin Oberman
Advisory Notice
A worm is attacking NASA's SPAN network via VAX/VMS systems connected
to DECnet. It is unclear if the spread of the worm has been checked.
It may spread to other systems such as DOE's HEPNET within a few days.
VMS system managers should prepare now.
The worm targets VMS machines, and can only be propagated via DECnet.
The worm exploits two features of DECnet/VMS in order to propagate
itself. The first is the default DECnet account, which is a facility
for users who don't have a specific login ID for a machine to have
some degree of anonymous access. It uses the default DECnet account to
copy itself to a machine, and then uses the `TASK 0' feature of DECnet
to invoke the remote copy. It has several other features including a
brute force attack.
Once the worm has successfully penetrated your system it will infect
.COM files and create new security vulnerabilities. It then seems to
broadcast these vulnerabilities to the outside world. It may also
damage files as well, either unintentionally or otherwise.
An analysis of the worm appears below and is provided by R. Kevin
Oberman of Lawrence Livermore National Laboratory. Included with the
analysis is a DCL program that will block the current version of the
worm. At least two versions of this worm exist and more may be
created. This program should give you enough time to close up obvious
security holes. A more thorough DCL program is being written.
If your site could be affected please call CIAC for more details...
Report on the W.COM worm.
R. Kevin Oberman
Engineering Department
Lawrence Livermore National Laboratory
October 16, 1989
The following describes the action of the W.COM worm (currently based
on the examination of the first two incarnations). The replication
technique causes the code to be modified slightly which indicates the
source of the attack and learned information.
All analysis was done with more haste than I care for, but I believe I
have all of the basic facts correct. First a description of the
program:
1. The program assures that it is working in a directory to which the
owner (itself) has full access (Read, Write, Execute, and Delete).
2. The program checks to see if another copy is still running. It
looks for a process with the first 5 characters of `NETW_'. If such is
found, it deletes itself (the file) and stops its process.
NOTE
A quick check for infection is to look for a process name starting
with `NETW_'. This may be done with a SHOW PROCESS command.
3. The program then changes the default DECNET account password to a
random string of at least 12 characters.
4. Information on the password used to access the system is mailed to
the user GEMTOP on SPAN node 6.59. Some versions may have a different
address.11
5. The process changes its name to `NETW_' followed by a random
number.
6. It then checks to see if it has SYSNAM priv. If so, it defines the
system announcement message to be the banner in the program:
Worms Against Nuclear Killers!
Your System Has Been Officically Wanked.
You talk of times of peace for all, and then prepare for war.
7. If it has SYSPRV, it disables mail to the SYSTEM account.
8. If it has SYSPRV, it modifies the system login command procedure to
APPEAR to delete all of a user's file. (It really does nothing.)
9. The program then scans the account's logical name table for command
procedures and tries to modify the FIELD account to a known password
with login from any source and all privs. This is a primitive virus,
but very effective IF it should get into a privileged account.
10. It proceeds to attempt to access other systems by picking node
numbers at random. It then uses PHONE to get a list of active users on
the remote system. It proceeds to irritate them by using PHONE to ring
them.
11. The program then tries to access the RIGHTSLIST file and attempts
to access some remote system using the users found and a list of
`standard' users included within the worm. It looks for passwords
which are the same as that of the account or are blank. It records all
such accounts.
12. It looks for an account that has access to SYSUAF.DAT.
13. If a priv. account is found, the program is copied to that account
and started. If no priv. account was found, it is copied to other
accounts found on the random system.
14. As soon as it finishes with a system, it picks another random
system and repeats (forever).
Response:
1. The following program will block the worm. Extract the following
code and execute it. It will use minimal resources. It creates a
process named NETW_BLOCK which will prevent the worm from running.
Editors note: This fix will work only with this version of the worm.
Mutated worms will require modification of this code; however, this
program should prevent the worm from running long enough to secure
your system from the worms attacks.13
---
McMahon's version of an anti-WANK program was also ready to go by late
Monday, but he would face delays getting it out to NASA. Working inside
NASA was a balancing act, a delicate ballet demanding exquisite
choreography between getting the job done, following official procedures
and avoiding steps which might tread on senior bureaucrats' toes. It was
several days before NASA's anti-WANK program was officially released.
DOE was not without its share of problems in launching the anti-WANK
program and advisory across HEPNET. At 5.04 p.m. Pacific Coast Time on
17 October, as Oberman put the final touches on the last paragraph of
his final report on the worm, the floor beneath his feet began to
shake. The building was trembling. Kevin Oberman was in the middle of
the 1989 San Francisco earthquake.
Measuring 7.1 on the Richter scale, the Loma Prieta earthquake ripped
through the greater San Francisco area with savage speed. Inside the
computer lab, Oberman braced himself for the worst. Once the shaking
stopped and he ascertained the computer centre was still standing, he
sat back down at his terminal. With the PA blaring warnings for all
non-essential personnel to leave the building immediately, Oberman
rushed off the last sentence of the report. He paused and then added a
postscript saying that if the paragraph didn't make sense, it was
because he was a little rattled by the large earthquake which had just
hit Lawrence Livermore Labs. He pressed the key, sent out his final
anti-WANK report and fled the building.
Back on the east coast, the SPAN office continued to help people
calling from NASA sites which had been hit. The list of sites which
had reported worm-related problems grew steadily during the week.
Official estimates on the scope of the WANK worm attack were vague,
but trade journals such as Network World and Computerworld quoted the
space agency as suffering only a small number of successful worm
invasions, perhaps 60 VMS-based computers. SPAN security manager Ron
Tencati estimated only 20 successful worm penetrations in the NASA
part of SPAN's network, but another internal estimate put the figure
much higher: 250 to 300 machines. Each of those computers might have
had 100 or more users. Figures were sketchy, but virtually everyone on
the network--all 270000 computer accounts--had been affected by the
worm, either because their part of the network had been pulled
off-line or because their machines had been harassed by the WANK worm
as it tried again and again to login from an infected machine. By the
end of the worm attack, the SPAN office had accumulated a list of
affected sites which ran over two columns on several computer screens.
Each of them had lodged some form of complaint about the worm.
Also by the end of the crisis, NASA and DOE computer network managers
had their choice of vaccines, antidotes and blood tests for the WANK
worm. McMahon had released ANTIWANK.COM, a program which killed the
worm and vaccinated a system against further attacks, and
WORM-INFO.TEXT, which provided a list of worm-infestation symptoms.
Oberman's program, called [.SECURITY]CHECK_SYSTEM.COM, checked for all
the security flaws used by the worm to sneak into a computer system.
DEC also had a patch to cover the security hole in the DECNET account.
Whatever the real number of infected machines, the worm had certainly
circumnavigated the globe. It had reach into European sites, such as
CERN--formerly known as the European Centre for Nuclear Research--in
Switzerland, through to Goddard's computers in Maryland, on to
Fermilab in Chicago and propelled itself across the Pacific into the
Riken Accelerator Facility in Japan.14
NASA officials told the media they believed the worm had been launched
about 4.30 a.m. on Monday, 16 October.15 They also believed it had
originated in Europe, possibly in France.
Wednesday, 18 October 1989
Kennedy Space Center, Florida
The five-member Atlantis had some bad news on Wednesday morning. The
weather forecasters gave the launch site a 40 per cent chance of
launch guideline-violating rain and cloud. And then there was the
earthquake in California.
The Kennedy Space Center wasn't the only place which had to be in
tip-top working order for a launch to go ahead. The launch depended on
many sites far away from Florida. These included Edwards Air Force
Base in California, where the shuttle was due to land on Monday. They
also included other sites, often military bases, which were essential
for shuttle tracking and other mission support. One of these sites was
a tracking station at Onizuka Air Force Base at Sunnyvale, California.
The earthquake which ripped through the Bay area had damaged the
tracking station and senior NASA decision-makers planned to meet on
Wednesday morning to consider the Sunnyvale situation. Still, the
space agency maintained a calm, cool exterior. Regardless of the
technical problems, the court challenges and the protesters, the
whimsical weather, the natural disasters, and the WANK worm, NASA was
still in control of the situation.
`There's been some damage, but we don't know how much. The sense I get
is it's fairly positive,' a NASA spokesman told UPI. `But there are
some problems.'16 In Washington, Pentagon spokesman Rick Oborn
reassured the public again, `They are going to be able to handle
shuttle tracking and support for the mission ... They will be able to
do their job'.17
Atlantis waited, ready to go, at launchpad 39B. The technicians had
filled the shuttle up with rocket fuel and it looked as if the weather
might hold. It was partly cloudy, but conditions at Kennedy passed
muster.
The astronauts boarded the shuttle. Everything was in place.
But while the weather was acceptable in Florida, it was causing some
problems in Africa, the site of an emergency landing location. If it
wasn't one thing, it was another. NASA ordered a four-minute delay.
Finally at 12.54 p.m., Atlantis boomed from its launchpad. Rising up
from the Kennedy Center, streaking a trail of twin flames from its
huge solid-fuel boosters, the shuttle reached above the atmosphere and
into space.
At 7.15 p.m., exactly 6 hours and 21 minutes after lift-off, Galileo
began its solo journey into space. And at 8.15 p.m., Galileo's booster
ignited.
Inside shuttle mission control, NASA spokesman Brian Welch announced,
`The spacecraft Galileo ... has achieved Earth escape velocity'.18
Monday, 30 October 1989
NASA's Goddard Space Flight Center, Greenbelt, Maryland
The week starting 16 October had been a long one for the SPAN team.
They were keeping twelve-hour days and dealing with hysterical people
all day long. Still, they managed to get copies of anti-WANK out,
despite the limitations of the dated SPAN records and the paucity of
good logs allowing them to retrace the worm's path. `What we learned
that week was just how much data is not collected,' McMahon observed.
By Friday, 20 October, there were no new reports of worm attacks. It
looked as though the crisis had passed. Things could be tidied up by
the rest of the SPAN team and McMahon returned to his own work.
A week passed. All the while, though, McMahon was on edge. He doubted
that someone who had gone to all that trouble of creating the WANK
worm would let his baby be exterminated so quickly. The decoy-duck
strategy only worked as long as the worm kept the same process name,
and as long as it was programmed not to activate itself on systems
which were already infected. Change the process name, or teach the
worm to not to suicide, and the SPAN team would face another, larger
problem. John McMahon had an instinct about the worm; it might just
be back.
His instinct was right.
The following Monday, McMahon received another phone call from the
SPAN project office. When he poked his head in his boss's office,
Jerome Bennett looked up from his desk.
`The thing is back,' McMahon told him. There was no need to explain
what `the thing' was. `I'm going over to the SPAN office.'
Ron Tencati and Todd Butler had a copy of the new WANK worm ready for
McMahon. This version of the worm was far more virulent. It copied
itself more effectively and therefore moved through the network much
faster. The revised worm's penetration rate was much higher--more than
four times greater than the version of WANK released in the first
attack. The phone was ringing off the hook again. John took a call
from one irate manager who launched into a tirade. `I ran your
anti-WANK program, followed your instructions to the letter, and look
what happened!'
The worm had changed its process name. It was also designed to hunt down
and kill the decoy-duck program. In fact, the SPAN network was going to
turn into a rather bloody battlefield. This worm didn't just kill the
decoy, it also killed any other copy of the WANK worm. Even if McMahon
changed the process name used by his program, the decoy-duck strategy
was not going to work any longer.
There were other disturbing improvements to the new version of the
WANK worm. Preliminary information suggested it changed the password
on any account it got into. This was a problem. But not nearly as big
a problem as if the passwords it changed were for the only privileged
accounts on the system. The new worm was capable of locking a system
manager out of his or her own system.
Prevented from getting into his own account, the computer manager
might try borrowing the account of an average user, call him Edwin.
Unfortunately, Edwin's account probably only had low-level privileges.
Even in the hands of a skilful computer manager, the powers granted to
Edwin's account were likely too limited to eradicate the worm from its
newly elevated status as computer manager. The manager might spend his
whole morning matching wits with the worm from the disadvantaged
position of a normal user's account. At some point he would have to
make the tough decision of last resort: turn the entire computer
system off.
The manager would have to conduct a forced reboot of the machine. Take
it down, then bring it back up on minimum configuration. Break back
into it. Fix the password which the worm had changed. Logout. Reset
some variables. Reboot the machine again. Close up any underlying
security holes left behind by the worm. Change any passwords which
matched users' names. A cold start of a large VMS machine took time.
All the while, the astronomers, physicists and engineers who worked in
this NASA office wouldn't be able to work on their computers.
At least the SPAN team was better prepared for the worm this time.
They had braced themselves psychologically for a possible return
attack. Contact information for the network had been updated. And the
general DECNET internet community was aware of the worm and was
lending a hand wherever possible.
Help came from a system manager in France, a country which seemed to
be of special interest to the worm's author. The manager, Bernard
Perrot of Institut de Physique Nucleaire in Orsay, had obtained a copy
of the worm, inspected it and took special notice of the creature's
poor error checking ability. This was the worm's true Achilles' heel.
The worm was trained to go after the RIGHTSLIST database, the list of
all the people who have accounts on the computer. What if someone
moved the database by renaming it and put a dummy database in its
place? The worm would, in theory, go after the dummy, which could be
designed with a hidden bomb. When the worm sniffed out the dummy, and
latched onto it, the creature would explode and die. If it worked, the
SPAN team would not have to depend on the worm killing itself, as they
had during the first invasion. They would have the satisfaction of
destroying the thing themselves.
Ron Tencati procured a copy of the French manager's worm-killing
program and gave it to McMahon, who set up a sort of mini-laboratory
experiment. He cut the worm into pieces and extracted the relevant
bits. This allowed him to test the French worm-killing program with
little risk of the worm escaping and doing damage. The French program
worked wonderfully. Out it went. The second version of the worm was so
much more virulent, getting it out of SPAN was going to take
considerably longer than the first time around. Finally, almost two
weeks after the second onslaught, the WANK worm had been eradicated
from SPAN.
By McMahon's estimate, the WANK worm had incurred up to half a million
dollars in costs. Most of these were through people wasting time and
resources chasing the worm instead of doing their normal jobs. The
worm was, in his view, a crime of theft. `People's time and resources
had been wasted,' he said. `The theft was not the result of the
accident. This was someone who deliberately went out to make a mess.
`In general, I support prosecuting people who think breaking into
machines is fun. People like that don't seem to understand what kind
of side effects that kind of fooling around has. They think that
breaking into a machine and not touching anything doesn't do anything.
That is not true. You end up wasting people's time. People are dragged
into the office at strange hours. Reports have to be written. A lot of
yelling and screaming occurs. You have to deal with law enforcement.
These are all side effects of someone going for a joy ride in someone
else's system, even if they don't do any damage. Someone has to pay
the price.'
McMahon never found out who created the WANK worm. Nor did he ever
discover what he intended to prove by releasing it. The creator's
motives were never clear and, if it had been politically inspired,
no-one took credit.
The WANK worm left a number of unanswered questions in its wake, a
number of loose ends which still puzzle John McMahon. Was the hacker
behind the worm really protesting against NASA's launch of the
plutonium-powered Galileo space probe? Did the use of the word
`WANK'--a most un-American word--mean the hacker wasn't American? Why
had the creator recreated the worm and released it a second time? Why
had no-one, no political or other group, claimed responsibility for
the WANK worm?
One of the many details which remained an enigma was contained in the
version of the worm used in the second attack. The worm's creator had
replaced the original process name, NETW_, with a new one, presumably
to thwart the anti-WANK program. McMahon figured the original process
name stood for `netwank'--a reasonable guess at the hacker's intended
meaning. The new process name, however, left everyone on the SPAN team
scratching their heads: it didn't seem to stand for anything. The
letters formed an unlikely set of initials for someone's name. No-one
recognised it as an acronym for a saying or an organisation. And it
certainly wasn't a proper word in the English language. It was a
complete mystery why the creator of the WANK worm, the hacker who
launched an invasion into hundreds of NASA and DOE computers, should
choose this weird word.
The word was `OILZ'.
Chapter 2 -- The Corner Pub.
You talk of times of peace for all; and then prepare for war.
-- from `Blossom of Blood', Species Deceases.
It is not surprising the SPAN security team would miss the mark. It is
not surprising, for example, that these officials should to this day
be pronouncing the `Oilz' version of the WANK worm as `oil zee'. It is
also not surprising that they hypothesised the worm's creator chose
the word `Oilz' because the modifications made to the last version
made it slippery, perhaps even oily.
Likely as not, only an Australian would see the worm's link to the
lyrics of Midnight Oil.
This was the world's first worm with a political message, and the
second major worm in the history of the worldwide computer networks.
It was also the trigger for the creation of FIRST, the Forum of
Incident Response and Security Teams.2 FIRST was an international
security alliance allowing governments, universities and commercial
organisations to share information about computer network security
incidents. Yet, NASA and the US Department of Energy were half a world
away from finding the creator of the WANK worm. Even as investigators
sniffed around electronic trails leading to France, it appears the
perpetrator was hiding behind his computer and modem in Australia.
Geographically, Australia is a long way from anywhere. To Americans,
it conjures up images of fuzzy marsupials, not computer hackers.
American computer security officials, like those at NASA and the US
Department of Energy, had other barriers as well. They function in a
world of concretes, of appointments made and kept, of real names,
business cards and official titles. The computer underground, by
contrast, is a veiled world populated by characters slipping in and
out of the half-darkness. It is not a place where people use their
real names. It is not a place where people give out real personal
details.
It is, in fact, not so much a place as a space. It is ephemeral,
intangible--a foggy labyrinth of unmapped, winding streets through
which one occasionally ascertains the contours of a fellow traveller.
When Ron Tencati, the manager in charge of NASA SPAN security, realised
that NASA's computers were being attacked by an intruder, he rang the
FBI. The US Federal Bureau of Investigation's Computer Crime Unit fired
off a stream of questions. How many computers had been attacked? Where
were they? Who was behind the attack? The FBI told Tencati, `keep us
informed of the situation'. Like the CIAC team in the Department of
Energy, it appears the FBI didn't have much knowledge of VMS, the
primary computer operating system used in SPAN.
But the FBI knew enough to realise the worm attack was potentially
very serious. The winding electronic trail pointed vaguely to a
foreign computer system and, before long, the US Secret Service was
involved. Then the French secret service, the Direction de la
Surveillance du Territoire, or DST, jumped into the fray.
DST and the FBI began working together on the case. A casual observer
with the benefit of hindsight might see different motivations driving
the two government agencies. The FBI wanted to catch the perpetrator.
The DST wanted to make it clear that the infamous WANK worm attack on
the world's most prestigious space agency did not originate in France.
In the best tradition of cloak-and-dagger government agencies, the FBI
and DST people established two communication channels--an official
channel and an unofficial one. The official channel involved
embassies, attachés, formal communiques and interminable delays in
getting answers to the simplest questions. The unofficial channel
involved a few phone calls and some fast answers.
Ron Tencati had a colleague named Chris on the SPAN network in France,
which was the largest user of SPAN in Europe. Chris was involved in
more than just science computer networks. He had certain contacts in
the French government and seemed to be involved in their computer
networks. So, when the FBI needed technical information for its
investigation--the kind of information likely to be sanitised by some
embassy bureaucrat--one of its agents rang up Ron Tencati. `Ron, ask
your friend this,' the FBI would say. And Ron would.
`Chris, the FBI wants to know this,' Tencati would tell his colleague
on SPAN France. Then Chris would get the necessary information. He
would call Tencati back, saying, `Ron, here is the answer. Now, the
DST wants to know that'. And off Ron would go in search of information
requested by the DST.
The investigation proceeded in this way, with each helping the other
through backdoor channels. But the Americans' investigation was headed
toward the inescapable conclusion that the attack on NASA had
originated from a French computer. The worm may have simply travelled
through the French computer from yet another system, but the French
machine appeared to be the sole point of infection for NASA.
The French did not like this outcome. Not one bit. There was no way
that the worm had come from France. Ce n'est pas vrai.
Word came back from the French that they were sure the worm had come
from the US. Why else would it have been programmed to mail details of
all computer accounts it penetrated around the world back to a US
machine, the computer known as GEMPAK? Because the author of the worm
was an American, of course! Therefore it is not our problem, the
French told the Americans. It is your problem.
Most computer security experts know it is standard practice among
hackers to create the most tangled trail possible between the hacker
and the hacked. It makes it very difficult for people like the FBI to
trace who did it. So it would be difficult to draw definite
conclusions about the nationality of the hacker from the location of a
hacker's information drop-off point--a location the hacker no doubt
figured would be investigated by the authorities almost immediately
after the worm's release.
Tencati had established the French connection from some computer logs
showing NASA under attack very early on Monday, 16 October. The logs
were important because they were relatively clear. As the worm had
procreated during that day, it had forced computers all over the
network to attack each other in ever greater numbers. By 11 a.m. it
was almost impossible to tell where any one attack began and the other
ended.
Some time after the first attack, DST sent word that certain agents
were going to be in Washington DC regarding other matters. They wanted
a meeting with the FBI. A representative from the NASA Inspector
General's Office would attend the meeting, as would someone from NASA
SPAN security.
Tencati was sure he could show the WANK worm attack on NASA originated
in France. But he also knew he had to document everything, to have
exact answers to every question and counter-argument put forward by
the French secret service agents at the FBI meeting. When he developed
a timeline of attacks, he found that the GEMPAK machine showed X.25
network connection, via another system, from a French computer around
the same time as the WANK worm attack. He followed the scent and
contacted the manager of that system. Would he help Tencati? Mais oui.
The machine is at your disposal, Monsieur Tencati.
Tencati had never used an X.25 network before; it had a unique set of
commands unlike any other type of computer communications network. He
wanted to retrace the steps of the worm, but he needed help. So he
called his friend Bob Lyons at DEC to walk him through the process.
What Tencati found startled him. There were traces of the worm on the
machine all right, the familiar pattern of login failures as the worm
attempted to break into different accounts. But these remnants of the
WANK worm were not dated 16 October or any time immediately around
then. The logs showed worm-related activity up to two weeks before the
attack on NASA. This computer was not just a pass-through machine the
worm had used to launch its first attack on NASA. This was the
development machine.
Ground zero.
Tencati went into the meeting with DST at the FBI offices prepared. He
knew the accusations the French were going to put forward. When he
presented the results of his sleuthwork, the French secret service
couldn't refute it, but they dropped their own bombshell. Yes they
told him, you might be able to point to a French system as ground zero
for the attack, but our investigations reveal incoming X.25
connections from elsewhere which coincided with the timing of the
development of the WANK worm.
The connections came from Australia.
The French had satisfied themselves that it wasn't a French hacker who
had created the WANK worm. Ce n'est pas notre problem. At least, it's
not our problem any more.
It is here that the trail begins to go cold. Law enforcement and
computer security people in the US and Australia had ideas about just
who had created the WANK worm. Fingers were pointed, accusations were
made, but none stuck. At the end of the day, there was coincidence and
innuendo, but not enough evidence to launch a case. Like many
Australian hackers, the creator of the WANK worm had emerged from the
shadows of the computer underground, stood momentarily in hazy
silhouette, and then disappeared again.
The Australian computer underground in the late 1980s was an
environment which spawned and shaped the author of the WANK worm.
Affordable home computers, such as the Apple IIe and the Commodore 64,
made their way into ordinary suburban families. While these computers
were not widespread, they were at least in a price range which made
them attainable by dedicated computer enthusiasts.
In 1988, the year before the WANK worm attack on NASA, Australia was
on an upswing. The country was celebrating its bicentennial. The
economy was booming. Trade barriers and old regulatory structures were
coming down. Crocodile Dundee had already burst on the world movie
scene and was making Australians the flavour of the month in cities
like LA and New York. The mood was optimistic. People had a sense they
were going places. Australia, a peaceful country of seventeen or so
million people, poised on the edge of Asia but with the order of a
Western European democracy, was on its way up. Perhaps for the first
time, Australians had lost their cultural cringe, a unique type of
insecurity alien to can-do cultures such as that found in the US.
Exploration and experimentation require confidence and, in 1988,
confidence was something Australia had finally attained.
Yet this new-found confidence and optimism did not subdue Australia's
tradition of cynicism toward large institutions. The two coexisted,
suspended in a strange paradox. Australian humour, deeply rooted in a
scepticism of all things serious and sacred, continued to poke fun at
upright institutions with a depth of irreverence surprising to many
foreigners. This cynicism of large, respected institutions coursed
through the newly formed Australian computer underground without
dampening its excitement or optimism for the brave new world of
computers in the least.
In 1988, the Australian computer underground thrived like a vibrant
Asian street bazaar. In that year it was still a realm of place not
space. Customers visited their regular stalls, haggled over goods with
vendors, bumped into friends and waved across crowded paths to
acquaintances. The market was as much a place to socialise as it was
to shop. People ducked into tiny coffee houses or corner bars for
intimate chats. The latest imported goods, laid out on tables like
reams of bright Chinese silks, served as conversation starters. And,
like every street market, many of the best items were tucked away,
hidden in anticipation of the appearance of that one customer or
friend most favoured by the trader. The currency of the underground
was not money; it was information. People didn't share and exchange
information to accumulate monetary wealth; they did it to win
respect--and to buy a thrill.
The members of the Australian computer underground met on bulletin
board systems, known as BBSes. Simple things by today's standards,
BBSes were often composed of a souped-up Apple II computer, a single
modem and a lone telephone line. But they drew people from all walks
of life. Teenagers from working-class neighbourhoods and those from
the exclusive private schools. University students. People in their
twenties groping their way through first jobs. Even some professional
people in their thirties and forties who spent weekends poring over
computer manuals and building primitive computers in spare rooms. Most
regular BBS users were male. Sometimes a user's sister would find her
way into the BBS world, often in search of a boyfriend. Mission
accomplished, she might disappear from the scene for weeks, perhaps
months, presumably until she required another visit.
The BBS users had a few things in common. They were generally of above
average intelligence--usually with a strong technical slant--and they
were obsessed with their chosen hobby. They had to be. It often took
45 minutes of attack dialling a busy BBS's lone phone line just to
visit the computer system for perhaps half an hour. Most serious BBS
hobbyists went through this routine several times each day.
As the name suggests, a BBS had what amounted to an electronic version
of a normal bulletin board. The owner of the BBS would have divided
the board into different areas, as a school teacher crisscrosses
coloured ribbon across the surface of a corkboard to divide it into
sections. A single BBS might have 30 or more electronic discussion
groups.
As a user to the board, you might visit the politics section, tacking
up a `note' on your views of ALP or Liberal policies for anyone
passing by to read. Alternatively, you might fancy yourself a bit of a
poet and work up the courage to post an original piece of work in the
Poet's Corner. The corner was often filled with dark, misanthropic
works inspired by the miseries of adolescence. Perhaps you preferred
to discuss music. On many BBSes you could find postings on virtually
any type of music. The most popular groups included bands like Pink
Floyd, Tangerine Dream and Midnight Oil. Midnight Oil's
anti-establishment message struck a particular chord within the new
BBS community.
Nineteen eighty-eight was the golden age of the BBS culture across
Australia. It was an age of innocence and community, an open-air
bazaar full of vitality and the sharing of ideas. For the most part,
people trusted their peers within the community and the BBS operators,
who were often revered as demigods. It was a happy place. And, in
general, it was a safe place, which is perhaps one reason why its
visitors felt secure in their explorations of new ideas. It was a
place in which the creator of the WANK worm could sculpt and hone his
creative computer skills.
The capital of this spirited new Australian electronic civilisation
was Melbourne. It is difficult to say why this southern city became
the cultural centre of the BBS world, and its darker side, the
Australian computer underground. Maybe the city's history as
Australia's intellectual centre created a breeding ground for the many
young people who built their systems with little more than curiosity
and salvaged computer bits discarded by others. Maybe Melbourne's
personality as a city of suburban homebodies and backyard tinkerers
produced a culture conducive to BBSes. Or maybe it was just
Melbourne's dreary beaches and often miserable weather. As one
Melbourne hacker explained it, `What else is there to do here all
winter but hibernate inside with your computer and modem?'
In 1988, Melbourne had some 60 to 100 operating BBSes. The numbers are
vague because it is difficult to count a collection of moving objects.
The amateur nature of the systems, often a jumbled tangle of wires and
second-hand electronics parts soldered together in someone's garage,
meant that the life of any one system was frequently as short as a
teenager's attention span. BBSes popped up, ran for two weeks, and
then vanished again.
Some of them operated only during certain hours, say between 10 p.m.
and 8 a.m. When the owner went to bed, he or she would plug the home
phone line into the BBS and leave it there until morning. Others ran
24 hours a day, but the busiest times were always at night.
Of course it wasn't just intellectual stimulation some users were
after. Visitors often sought identity as much as ideas. On an
electronic bulletin board, you could create a personality, mould it
into shape and make it your own. Age and appearance did not matter.
Technical aptitude did. Any spotty, gawky teenage boy could instantly
transform himself into a suave, graceful BBS character. The
transformation began with the choice of name. In real life, you might
be stuck with the name Elliot Dingle--an appellation chosen by your
mother to honour a long-dead great uncle. But on a BBS, well, you
could be Blade Runner, Ned Kelly or Mad Max. Small wonder that, given
the choice, many teenage boys chose to spend their time in the world
of the BBS.
Generally, once a user chose a handle, as the on-line names are known,
he stuck with it. All his electronic mail came to an account with that
name on it. Postings to bulletin boards were signed with it. Others
dwelling in the system world knew him by that name and no other. A
handle evolved into a name laden with innate meaning, though the
personality reflected in it might well have been an alter ego. And so
it was that characters like The Wizard, Conan and Iceman came to pass
their time on BBSes like the Crystal Palace, Megaworks, The Real
Connection and Electric Dreams.
What such visitors valued about the BBS varied greatly. Some wanted to
participate in its social life. They wanted to meet people like
themselves--bright but geeky or misanthropic people who shared an
interest in the finer technical points of computers. Many lived as
outcasts in real life, never quite making it into the `normal' groups
of friends at school or uni. Though some had started their first jobs,
they hadn't managed to shake the daggy awkwardness which pursued them
throughout their teen years. On the surface, they were just not the
sort of people one asked out to the pub for a cold one after the
footy.
But that was all right. In general, they weren't much interested in
footy anyway.
Each BBS had its own style. Some were completely legitimate, with
their wares--all legal goods--laid out in the open. Others, like The
Real Connection, had once housed Australia's earliest hackers but had
gone straight. They closed up the hacking parts of the board before
the first Commonwealth government hacking laws were enacted in June
1989. Perhaps ten or twelve of Melbourne's BBSes at the time had the
secret, smoky flavour of the computer underground. A handful of these
were invitation-only boards, places like Greyhawk and The Realm. You
couldn't simply ring up the board, create a new account and login. You
had to be invited by the board's owner. Members of the general
modeming public need not apply.
The two most important hubs in the Australian underground between 1987
and 1989 were named Pacific Island and Zen. A 23-year-old who called
himself Craig Bowen ran both systems from his bedroom.
Also known as Thunderbird1, Bowen started up Pacific Island in 1987
because he wanted a hub for hackers. The fledgling hacking community
was dispersed after AHUBBS, possibly Melbourne's earliest hacking
board, faded away. Bowen decided to create a home for it, a sort of
dark, womb-like cafe bar amid the bustle of the BBS bazaar where
Melbourne's hackers could gather and share information.
His bedroom was a simple, boyish place. Built-in cupboards, a bed, a
wallpaper design of vintage cars running across one side of the room.
A window overlooking the neighbours' leafy suburban yard. A collection
of PC magazines with titles like Nibble and Byte. A few volumes on
computer programming. VAX/VMS manuals. Not many books, but a handful
of science fiction works by Arthur C. Clarke. The Hitchhiker's Guide
to the Galaxy. A Chinese-language dictionary used during his high
school Mandarin classes, and after, as he continued to study the
language on his own while he held down his first job.
The Apple IIe, modem and telephone line rested on the drop-down
drawing table and fold-up card table at the foot of his bed. Bowen put
his TV next to the computer so he could sit in bed, watch TV and use
Pacific Island all at the same time. Later, when he started Zen, it
sat next to Pacific Island. It was the perfect set-up.
Pacific Island was hardly fancy by today's standards of Unix Internet
machines, but in 1987 it was an impressive computer. PI, pronounced
`pie' by the local users, had a 20 megabyte hard drive--gargantuan for
a personal computer at the time. Bowen spent about $5000 setting up PI
alone. He loved both systems and spent many hours each week nurturing
them.
There was no charge for computer accounts on PI or ZEN, like most
BBSes. This gentle-faced youth, a half-boy, half-man who would
eventually play host on his humble BBS to many of Australia's
cleverest computer and telephone hackers, could afford to pay for his
computers for two reasons: he lived at home with his mum and dad, and
he had a full-time job at Telecom--then the only domestic telephone
carrier in Australia.
PI had about 800 computer users, up to 200 of whom were `core' users
accessing the system regularly. PI had its own dedicated phone line,
separate from the house phone so Bowen's parents wouldn't get upset the
line was always tied up. Later, he put in four additional phone lines
for Zen, which had about 2000 users. Using his Telecom training, he
installed a number of non-standard, but legal, features to his
house. Junction boxes, master switches. Bowen's house was a
telecommunications hot-rod.
Bowen had decided early on that if he wanted to keep his job, he had
better not do anything illegal when it came to Telecom. However, the
Australian national telecommunications carrier was a handy source of
technical information. For example, he had an account on a Telecom
computer system--for work--from which he could learn about Telecom's
exchanges. But he never used that account for hacking. Most
respectable hackers followed a similar philosophy. Some had legitimate
university computer accounts for their courses, but they kept those
accounts clean. A basic rule of the underground, in the words of one
hacker, was `Don't foul your own nest'.
PI contained a public section and a private one. The public area was
like an old-time pub. Anyone could wander in, plop down at the bar and
start up a conversation with a group of locals. Just ring up the
system with your modem and type in your details--real name, your
chosen handle, phone number and other basic information.
Many BBS users gave false information in order to hide their true
identities, and many operators didn't really care. Bowen, however,
did. Running a hacker's board carried some risk, even before the
federal computer crime laws came into force. Pirated software was
illegal. Storing data copied from hacking adventures in foreign
computers might also be considered illegal. In an effort to exclude
police and media spies, Bowen tried to verify the personal details of
every user on PI by ringing them at home or work. Often he was
successful. Sometimes he wasn't.
The public section of PI housed discussion groups on the major PC
brands--IBM, Commodore, Amiga, Apple and Atari--next to the popular
Lonely Hearts group. Lonely Hearts had about twenty regulars, most of
whom agonised under the weight of pubescent hormonal changes. A boy
pining for the affections of the girl who dumped him or, worse, didn't
even know he existed. Teenagers who contemplated suicide. The messages
were completely anonymous, readers didn't even know the authors'
handles, and that anonymous setting allowed heart-felt messages and
genuine responses.
Zen was PI's sophisticated younger sister. Within two years of PI
making its debut, Bowen opened up Zen, one of the first Australian
BBSes with more than one telephone line. The main reason he set up Zen
was to stop his computer users from bothering him all the time. When
someone logged into PI, one of the first things he or she did was
request an on-line chat with the system operator. PI's Apple IIe was
such a basic machine by today's standards, Bowen couldn't multi-task
on it. He could not do anything with the machine, such as check his
own mail, while a visitor was logged into PI.
Zen was a watershed in the Australian BBS community. Zen multi-tasked.
Up to four people could ring up and login to the machine at any one
time, and Bowen could do his own thing while his users were on-line.
Better still, his users could talk request each other instead of
hassling him all the time. Having users on a multi-tasking machine
with multiple phone lines was like having a gaggle of children. For
the most part, they amused each other.
Mainstream and respectful of authority on the surface, Bowen possessed
the same streak of anti-establishment views harboured by many in the
underground. His choice of name for Zen underlined this. Zen came from
the futuristic British TV science fiction series `Blake 7', in which a
bunch of underfunded rebels attempted to overthrow an evil
totalitarian government. Zen was the computer on the rebels' ship. The
rebels banded together after meeting on a prison ship; they were all
being transported to a penal settlement on another planet. It was a
story people in the Australian underground could relate to. One of the
lead characters, a sort of heroic anti-hero, had been sentenced to
prison for computer hacking. His big mistake, he told fellow rebels,
was that he had relied on other people. He trusted them. He should
have worked alone.
Craig Bowen had no idea of how true that sentiment would ring in a
matter of months.
Bowen's place was a hub of current and future lights in the computer
underground. The Wizard. The Force. Powerspike. Phoenix. Electron.
Nom. Prime Suspect. Mendax. Train Trax. Some, such as Prime Suspect,
merely passed through, occasionally stopping in to check out the
action and greet friends. Others, such as Nom, were part of the
close-knit PI family. Nom helped Bowen set up PI. Like many early
members of the underground, they met through AUSOM, an Apple users'
society in Melbourne. Bowen wanted to run ASCII Express, a program
which allowed people to transfer files between their own computers and
PI. But, as usual, he and everyone he knew only had a pirated copy of
the program. No manuals. So Nom and Bowen spent one weekend picking
apart the program by themselves. They were each at home, on their own
machines, with copies. They sat on the phone for hours working through
how the program worked. They wrote their own manual for other people
in the underground suffering under the same lack of documentation.
Then they got it up and running on PI.
Making your way into the various groups in a BBS such as PI or Zen had
benefits besides hacking information. If you wanted to drop your
mantle of anonymity, you could join a pre-packaged, close-knit circle
of friends. For example, one clique of PI people were fanatical
followers of the film The Blues Brothers. Every Friday night, this
group dressed up in Blues Brothers costumes of a dark suit, white
shirt, narrow tie, Rayban sunglasses and, of course, the snap-brimmed
hat. One couple brought their child, dressed as a mini-Blues Brother.
The group of Friday night regulars made their way at 11.30 to
Northcote's Valhalla Theatre (now the Westgarth). Its grand but
slightly tatty vintage atmosphere lent itself to this alternative
culture flourishing in late-night revelries. Leaping up on stage
mid-film, the PI groupies sent up the actors in key scenes. It was a
fun and, as importantly, a cheap evening. The Valhalla staff admitted
regulars who were dressed in appropriate costume for free. The only
thing the groupies had to pay for was drinks at the intermission.
Occasionally, Bowen arranged gatherings of other young PI and Zen
users. Usually, the group met in downtown Melbourne, sometimes at the
City Square. The group was mostly boys, but sometimes a few girls
would show up. Bowen's sister, who used the handle Syn, hung around a
bit. She went out with a few hackers from the BBS scene. And she
wasn't the only one. It was a tight group which interchanged
boyfriends and girlfriends with considerable regularity. The group
hung out in the City Square after watching a movie, usually a horror
film. Nightmare 2. House 3. Titles tended to be a noun followed by a
numeral. Once, for a bit of lively variation, they went bowling and
drove the other people at the alley nuts. After the early
entertainment, it was down to McDonald's for a cheap burger. They
joked and laughed and threw gherkins against the restaurant's wall.
This was followed by more hanging around on the stone steps of the
City Square before catching the last bus or train home.
The social sections of PI and Zen were more successful than the
technical ones, but the private hacking section was even more
successful than the others. The hacking section was hidden; would-be
members of the Melbourne underground knew there was something going
on, but they couldn't find out what is was.
Getting an invite to the private area required hacking skill or
information, and usually a recommendation to Bowen from someone who
was already inside. Within the Inner Sanctum, as the private hacking
area was called, people could comfortably share information such as
opinions of new computer products, techniques for hacking, details of
companies which had set up new sites to hack and the latest rumours on
what the law enforcement agencies were up to.
The Inner Sanctum was not, however, the only private room. Two hacking
groups, Elite and H.A.C.K., guarded entry to their yet more exclusive
back rooms. Even if you managed to get entry to the Inner Sanctum, you
might not even know that H.A.C.K. or Elite existed. You might know
there was a place even more selective than your area, but exactly how
many layers of the onion stood between you and the most exclusive
section was anyone's guess. Almost every hacker interviewed for this
book described a vague sense of being somehow outside the innermost
circle. They knew it was there, but wasn't sure just what it was.
Bowen fielded occasional phone calls on his voice line from wanna-be
hackers trying to pry open the door to the Inner Sanctum. `I want
access to your pirate system,' the voice would whine.
`What pirate system? Who told you my system was a pirate system?'
Bowen sussed out how much the caller knew, and who had told him. Then
he denied everything.
To avoid these requests, Bowen had tried to hide his address, real
name and phone number from most of the people who used his BBSes. But
he wasn't completely successful. He had been surprised by the sudden
appearance one day of Masked Avenger on his doorstep. How Masked
Avenger actually found his address was a mystery. The two had chatted
in a friendly fashion on-line, but Bowen didn't give out his details.
Nothing could have prepared him for the little kid in the big crash
helmet standing by his bike in front of Bowen's house. `Hi!' he
squeaked. `I'm the Masked Avenger!'
Masked Avenger--a boy perhaps fifteen years old--was quite resourceful
to have found out Bowen's details. Bowen invited him in and showed him
the system. They became friends. But after that incident, Bowen
decided to tighten security around his personal details even more. He
began, in his own words, `moving toward full anonymity'. He invented
the name Craig Bowen, and everyone in the underground came to know him
by that name or his handle, Thunderbird1. He even opened a false bank
account in the name of Bowen for the periodic voluntary donations
users sent into PI. It was never a lot of money, mostly $5 or $10,
because students don't tend to have much money. He ploughed it all
back into PI.
People had lots of reasons for wanting to get into the Inner Sanctum.
Some wanted free copies of the latest software, usually pirated games
from the US. Others wanted to share information and ideas about ways
to break into computers, often those owned by local universities.
Still others wanted to learn about how to manipulate the telephone
system.
The private areas functioned like a royal court, populated by
aristocrats and courtiers with varying seniority, loyalties and
rivalries. The areas involved an intricate social order and respect
was the name of the game. If you wanted admission, you had to walk a
delicate line between showing your superiors that you possessed enough
valuable hacking information to be elite and not showing them so much
they would brand you a blabbermouth. A perfect bargaining chip was an
old password for Melbourne University's dial-out.
The university's dial-out was a valuable thing. A hacker could ring up
the university's computer, login as `modem' and the machine would drop
him into a modem which let him dial out again. He could then dial
anywhere in the world, and the university would foot the phone bill.
In the late 1980s, before the days of cheap, accessible Internet
connections, the university dial-out meant a hacker could access
anything from an underground BBS in Germany to a US military system in
Panama. The password put the world at his fingertips.
A hacker aspiring to move into PI's Inner Sanctum wouldn't give out
the current dial-out password in the public discussion areas. Most
likely, if he was low in the pecking order, he wouldn't have such
precious information. Even if he had managed to stumble across the
current password somehow, it was risky giving it out publicly. Every
wanna-be and his dog would start messing around with the university's
modem account. The system administrator would wise up and change the
password and the hacker would quickly lose his own access to the
university account. Worse, he would lose access for other hackers--the
kind of hackers who ran H.A.C.K., Elite and the Inner Sanctum. They
would be really cross. Hackers hate it when passwords on accounts they
consider their own are changed without warning. Even if the password
wasn't changed, the aspiring hacker would look like a guy who couldn't
keep a good secret.
Posting an old password, however, was quite a different matter. The
information was next to useless, so the hacker wouldn't be giving much
away. But just showing he had access to that sort of information
suggested he was somehow in the know. Other hackers might think he had
had the password when it was still valid. More importantly, by showing
off a known, expired password, the hacker hinted that he might just
have the current password. Voila! Instant respect.
Positioning oneself to win an invite into the Inner Sanctum was a game
of strategy; titillate but never go all the way. After a while,
someone on the inside would probably notice you and put in a word with
Bowen. Then you would get an invitation.
If you were seriously ambitious and wanted to get past the first inner
layer, you then had to start performing for real. You couldn't hide
behind the excuse that the public area might be monitored by the
authorities or was full of idiots who might abuse valuable hacking
information.
The hackers in the most elite area would judge you on how much
information you provided about breaking into computer or phone
systems. They also looked at the accuracy of the information. It was
easy getting out-of-date login names and passwords for a student
account on Monash University's computer system. Posting a valid
account for the New Zealand forestry department's VMS system intrigued
the people who counted considerably more.
The Great Rite of Passage from boy to man in the computer underground
was Minerva. OTC, Australia's then government-owned Overseas
Telecommunications Commission,3 ran Minerva, a system of three Prime
mainframes in Sydney. For hackers such as Mendax, breaking into
Minerva was the test.
Back in early 1988, Mendax was just beginning to explore the world of
hacking. He had managed to break through the barrier from public to
private section of PI, but it wasn't enough. To be recognised as
up-and-coming talent by the aristocracy of hackers such as The Force
and The Wizard, a hacker had to spend time inside the Minerva system.
Mendax set to work on breaking
into it.
Minerva was special for a number of reasons. Although it was in
Sydney, the phone number to its entry computer, called an X.25 pad,
was a free call. At the time Mendax lived in Emerald, a country town
on the outskirts of Melbourne. A call to most Melbourne numbers
incurred a long-distance charge, thus ruling out options such as the
Melbourne University dial-out for breaking into international computer
systems.
Emerald was hardly Emerald City. For a clever sixteen-year-old boy,
the place was dead boring. Mendax lived there with his mother; Emerald
was merely a stopping point, one of dozens, as his mother shuttled her
child around the continent trying to escape from a psychopathic former
de facto. The house was an emergency refuge for families on the run.
It was safe and so, for a time, Mendax and his exhausted family
stopped to rest before tearing off again in search of a new place to
hide.
Sometimes Mendax went to school. Often he didn't. The school system
didn't hold much interest for him. It didn't feed his mind the way
Minerva would. They Sydney computer system was a far more interesting
place to muck around in than the rural high school.
Minerva was a Prime computer, and Primes were in. Force, one of the
more respected hackers in 1987-88 in the Australian computer
underground, specialised in Primos, the special operating system used
on Prime computers. He wrote his own programs--potent hacking tools
which provided current usernames and passwords--and made the systems
fashionable in the computer underground.
Prime computers were big and expensive and no hacker could afford one,
so being able to access the speed and computational grunt of a system
like Minerva was valuable for running a hacker's own programs. For
example, a network scanner, a program which gathered the addresses of
computers on the X.25 network which would be targets for future
hacking adventures, ate up computing resources. But a huge machine
like Minerva could handle that sort of program with ease. Minerva also
allowed users to connect to other computer systems on the X.25 network
around the world. Better still, Minerva had a BASIC interpreter on it.
This allowed people to write programs in the BASIC programming
language--by far the most popular language at the time--and make them
run on Minerva. You didn't have to be a Primos fanatic, like Force, to
write and execute a program on the OTC computer. Minerva suited Mendax
very well.
The OTC system had other benefits. Most major Australian corporations
had accounts on the system. Breaking into an account requires a
username and password; find the username and you have solved half the
equation. Minerva account names were easy picking. Each one was
composed of three letters followed by three numbers, a system which
could have been difficult to crack except for the choice of those
letters and numbers. The first three letters were almost always
obvious acronyms for the company. For example, the ANZ Bank had
accounts named ANZ001, ANZ002 and ANZ002. The numbers followed the
same pattern for most companies. BHP001. CRA001. NAB001. Even OTC007.
Anyone with the IQ of a desk lamp could guess at least a few account
names on Minerva. Passwords were a bit tougher to come by, but Mendax
had some ideas for that. He was going to have a crack at social
engineering. Social engineering means smooth-talking someone in a
position of power into doing something for you. It always involved a
ruse of some sort.
Mendax decided he would social engineer a password out of one of
Minerva's users. He had downloaded a partial list of Minerva users
another PI hacker had generously posted for those talented enough to
make use of it. This list was maybe two years old, and incomplete, but
it contained 30-odd pages of Minerva account usernames, company names,
addresses, contact names and telephone and fax numbers. Some of them
would probably still be valid.
Mendax had a deep voice for his age; it would have been impossible to
even contemplate social engineering without it. Cracking adolescent
male voices were the kiss of death for would-be social engineers. But
even though he had the voice, he didn't have the office or the Sydney
phone number if the intended victim wanted a number to call back on.
He found a way to solve the Sydney phone number by poking around until
he dug up a number with Sydney's 02 area code which was permanently
engaged. One down, one to go.
Next problem: generate some realistic office background noise. He
could hardly call a company posing as an OTC official to cajole a
password when the only background noise was birds tweeting in the
fresh country air.
No, he needed the same background buzz as a crowded office in downtown
Sydney. Mendex had a tape recorder, so he could pre-record the sound
of an office and play it as background when he called companies on the
Minerva list. The only hurdle was finding the appropriate office
noise. Not even the local post office would offer a believable noise
level. With none easily accessible, he decided to make his own audible
office clutter. It wouldn't be easy. With a single track on his
recording device, he couldn't dub in sounds on top of each other: he
had to make all the noises simultaneously.
First, he turned on the TV news, down very low, so it just hummed in
the background. Then he set up a long document to print on his
Commodore MPS 801 printer. He removed the cover from the noisy dot
matrix machine, to create just the right volume of clackity-clack in
the background. Still, he needed something more. Operators' voices
mumbling across a crowded floor. He could mumble quietly to himself,
but he soon discovered his verbal skills had not developed to the
point of being able to stand in the middle of the room talking about
nothing to himself for a quarter of an hour. So he fished out his
volume of Shakespeare and started reading aloud. Loud enough to hear
voices, but not so loud that the intended victim would be able to pick
Macbeth. OTC operators had keyboards, so he began tapping randomly on
his. Occasionally, for a little variation, he walked up to the tape
recorder and asked a question--and then promptly answered it in
another voice. He stomped noisily away from the recorder again, across
the room, and then silently dove back to the keyboard for more
keyboard typing and mumblings of Macbeth.
It was exhausting. He figured the tape had to run for at least fifteen
minutes uninterrupted. It wouldn't look very realistic if the office
buzz suddenly went dead for three seconds at a time in the places
where he paused the tape to rest.
The tapes took a number of attempts. He would be halfway through,
racing through line after line of Shakespeare, rap-tap-tapping on his
keyboard and asking himself questions in authoritative voices when the
paper jammed in his printer. Damn. He had to start all over again.
Finally, after a tiring hour of auditory schizophrenia, he had the
perfect tape of office hubbub.
Mendax pulled out his partial list of Minerva users and began working
through the 30-odd pages. It was discouraging.
`The number you have dialled is not connected. Please check the number
before dialling again.'
Next number.
`Sorry, he is in a meeting at the moment. Can I have him return your
call?' Ah, no thanks.
Another try.
`That person is no longer working with our company. Can I refer you to
someone else?' Uhm, not really.
And another try.
Finally, success.
Mendax reached one of the contact names for a company in Perth. Valid
number, valid company, valid contact name. He cleared his throat to
deepen his voice even further and began.
`This is John Keller, an operator from OTC Minerva in Sydney. One of
our D090 hard drives has crashed. We've pulled across the data on the
back-up tape and we believe we have all your correct information. But
some of it might have been corrupted in the accident and we would just
like to confirm your details. Also the back-up tape is two days old,
so we want to check your information is up to date so your service is
not interrupted. Let me just dig out your details ...' Mendax shuffled
some papers around on the table top.
`Oh, dear. Yes. Let's check it,' the worried manager responded.
Mendax started reading all the information on the Minerva list
obtained from Pacific Island, except for one thing. He changed the fax
number slightly. It worked. The manager jumped right in.
`Oh, no. That's wrong. Our fax number is definitely wrong,' he said
and proceeded to give the correct number.
Mendax tried to sound concerned. `Hmm,' he told the manager. `We may
have bigger problems than we anticipated. Hmm.' He gave another
pregnant pause. Working up the courage to ask the Big Question.
It was hard to know who was sweating more, the fretting Perth manager,
tormented by the idea of loud staff complaints from all over the
company because the Minerva account was faulty, or the gangly kid
trying his hand at social engineering for the first time.
`Well,' Mendax began, trying to keep the sound of authority in his
voice. `Let's see. We have your account number, but we had better
check your password ... what was it?' An arrow shot from the bow.
It hit the target. `Yes, it's L-U-R-C-H--full stop.'
Lurch? Uhuh. An Addams Family fan.
`Can you make sure everything is working? We don't want our service
interrupted.' The Perth manager sounded quite anxious.
Mendax tapped away on the keyboard randomly and then paused. `Well, it
looks like everything is working just fine now,' he quickly reassured
him. Just fine.
`Oh, that's a relief!' the Perth manager exclaimed. `Thank you for
that. Thank you. I just can't thank you enough for calling us!' More
gratitude.
Mendax had to extract himself. This was getting embarrassing.
`Yes, well I'd better go now. More customers to call.' That should
work. The Perth manager wanted a contact telephone number, as
expected, if something went wrong--so Mendax gave him the one which
was permanently busy.
`Thank you again for your courteous service!' Uhuh. Anytime.
Mendax hung up and tried the toll-free Minerva number. The password
worked. He couldn't believe how easy it was to get in.
He had a quick look around, following the pattern of most hackers
breaking into a new machine. First thing to do was to check the
electronic mail of the `borrowed' account. Email often contains
valuable information. One company manager might send another
information about other account names, password changes or even phone
numbers to modems at the company itself. Then it was off to check the
directories available for anyone to read on the main system--another
good source of information. Final stop: Minerva's bulletin board of
news. This included postings from the system operators about planned
downtime or other service issues. He didn't stay long. The first visit
was usually mostly a bit of reconnaissance work.
Minerva had many uses. Most important among these was the fact that
Minerva gave hackers an entry point into various X.25 networks. X.25
is a type of computer communications network, much like the Unix-based
Internet or the VMS-based DECNET. It has different commands and
protocols, but the principle of an extensive worldwide data
communications network is the same. There is, however, one important
difference. The targets for hackers on the X.25 networks are often far
more interesting. For example, most banks are on X.25. Indeed, X.25
underpins many aspects of the world's financial markets. A number of
countries' classified military computer sites only run on X.25. It is
considered by many people to be more secure than the Internet or any
DECNET system.
Minerva allowed incoming callers to pass into the X.25
network--something most Australian universities did not offer at the
time. And Minerva let Australian callers do this without incurring a
long-distance telephone charge.
In the early days of Minerva, the OTC operators didn't seem to care
much about the hackers, probably because it seemed impossible to get
rid of them. The OTC operators managed the OTC X.25 exchange, which
was like a telephone exchange for the X.25 data network. This exchange
was the data gateway for Minerva and other systems connected to that
data network.
Australia's early hackers had it easy, until Michael Rosenberg
arrived.
Rosenberg, known on-line simply as MichaelR, decided to clean up
Minerva. An engineering graduate from Queensland University, Michael
moved to Sydney when he joined OTC at age 21. He was about the same
age as the hackers he was chasing off his system. Rosenberg didn't
work as an OTC operator, he managed the software which ran on Minerva.
And he made life hell for people like Force. Closing up security
holes, quietly noting accounts used by hackers and then killing those
accounts, Rosenberg almost single-handedly stamped out much of the
hacker activity in OTC's Minerva.
Despite this, the hackers--`my hackers' as he termed the regulars--had
a grudging respect for Rosenberg. Unlike anyone else at OTC, he was
their technical equal and, in a world where technical prowess was the
currency, Rosenberg was a wealthy young man.
He wanted to catch the hackers, but he didn't want to see them go to
prison. They were an annoyance, and he just wanted them out of his
system. Any line trace, however, had to go through Telecom, which was
at that time a separate body from OTC. Telecom, Rosenberg was told,
was difficult about these things because of strict privacy laws. So,
for the most part, he was left to deal with the hackers on his own.
Rosenberg could not secure his system completely since OTC didn't
dictate passwords to their customers. Their customers were usually
more concerned about employees being able to remember passwords easily
than worrying about warding off wily hackers. The result: the
passwords on a number of Minerva accounts were easy pickings.
The hackers and OTC waged a war from 1988 to 1990, and it was fought
in many ways.
Sometimes an OTC operator would break into a hacker's on-line session
demanding to know who was really using the account. Sometimes the
operators sent insulting messages to the hackers--and the hackers gave
it right back to them. They broke into the hacker's session with `Oh,
you idiots are at it again'. The operators couldn't keep the hackers
out, but they had other ways of getting even.
Electron, a Melbourne hacker and rising star in the Australian
underground, had been logging into a system in Germany via OTC's X.25
link. Using a VMS machine, a sort of sister system to Minerva, he had
been playing a game called Empire on the Altos system, a popular
hang-out for hackers. It was his first attempt at Empire, a complex
war game of strategy which attracted players from around the world.
They each had less than one hour per day to conquer regions while
keeping production units at a strategic level. The Melbourne hacker
had spent weeks building his position. He was in second place.
Then, one day, he logged into the game via Minerva and the German
system, and he couldn't believe what he saw on the screen in front of
him. His regions, his position in the game, all of it--weeks of
work--had been wiped out. An OTC operator had used an X.25
packet-sniffer to monitor the hacker's login and capture his password to
Empire. Instead of trading the usual insults, the operator had waited
for the hacker to logoff and then had hacked into the game and destroyed
the hacker's position.
Electron was furious. He had been so proud of his position in his very
first game. Still, wreaking havoc on the Minerva system in retribution
was out of the question. Despite the fact that they wasted weeks of
his work, Electron had no desire to damage their system. He considered
himself lucky to be able to use it as long as he did.
The anti-establishment attitudes nurtured in BBSes such as PI and Zen
fed on a love of the new and untried. There was no bitterness, just a
desire to throw off the mantle of the old and dive into the new.
Camaraderie grew from the exhilarating sense that the youth in this
particular time and place were constantly on the edge of big
discoveries. People were calling up computers with their modems and
experimenting. What did this key sequence do? What about that tone?
What would happen if ... It was the question which drove them to stay
up day and night, poking and prodding. These hackers didn't for the
most part do drugs. They didn't even drink that much, given their age.
All of that would have interfered with their burning desire to know,
would have dulled their sharp edge. The underground's
anti-establishment views were mostly directed at organisations which
seemed to block the way to the new frontier--organisations like
Telecom.
It was a powerful word. Say `Telecom' to a member of the computer
underground from that era and you will observe the most striking
reaction. Instant contempt sweeps across his face. There is a pause as
his lips curl into a noticeable sneer and he replies with complete
derision, `Telescum'. The underground hated Australia's national
telephone carrier with a passion equalled only to its love of
exploration. They felt that Telecom was backward and its staff had no
idea how to use their own telecommunications technology. Worst of all,
Telecom seemed to actively dislike BBSes.
Line noise interfered with one modem talking to another, and in the
eyes of the computer underground, Telecom was responsible for the line
noise. A hacker might be reading a message on PI, and there, in the
middle of some juicy technical titbit, would be a bit of crud--random
characters `2'28 v'1';D>nj4'--followed by the comment, `Line noise.
Damn Telescum! At their best as usual, I see'. Sometimes the line
noise was so bad it logged the hacker off, thus forcing him to spend
another 45 minutes attack dialling the BBS. The modems didn't have
error correction, and the faster the modem speed, the worse the impact
of line noise. Often it became a race to read mail and post messages
before Telecom's line noise logged the hacker off.
Rumours flew through the underground again and again that Telecom was
trying to bring in timed local calls. The volume of outrage was
deafening. The BBS community believed it really irked the national
carrier that people could spend an hour logged into a BBS for the cost
of one local phone call. Even more heinous, other rumours abounded
that Telecom had forced at least one BBS to limit each incoming call
to under half an hour. Hence Telecom's other nickname in the computer
underground: Teleprofit.
To the BBS community, Telecom's Protective Services Unit was the
enemy. They were the electronic police. The underground saw Protective
Services as `the enforcers'--an all-powerful government force which
could raid your house, tap your phone line and seize your computer
equipment at any time. The ultimate reason to hate Telecom.
There was such hatred of Telecom that people in the computer
underground routinely discussed ways of sabotaging the carrier. Some
people talked of sending 240 volts of electricity down the telephone
line--an act which would blow up bits of the telephone exchange along
with any line technicians who happened to be working on the cable at
the time. Telecom had protective fuses which stopped electrical surges
on the line, but BBS hackers had reportedly developed circuit plans
which would allow high-frequency voltages to bypass them. Other
members of the underground considered what sweet justice it would be
to set fire to all the cables outside a particular Telecom exchange
which had an easily accessible cable entrance duct.
It was against this backdrop that the underground began to shift into
phreaking. Phreaking is loosely defined as hacking the telephone
system. It is a very loose definition. Some people believe phreaking
includes stealing a credit card number and using it to make a
long-distance call for free. Purists shun this definition. To them,
using a stolen credit card is not phreaking, it is carding. They argue
that phreaking demands a reasonable level of technical skill and
involves manipulation of a telephone exchange. This manipulation may
manifest itself as using computers or electrical circuits to generate
special tones or modify the voltage of a phone line. The manipulation
changes how the telephone exchange views a particular telephone
line. The result: a free and hopefully untraceable call. The purist
hacker sees phreaking more as a way of eluding telephone traces than of
calling his or her friends around the world for free.
The first transition into phreaking and eventually carding happened
over a period of about six months in 1988. Early hackers on PI and Zen
relied primarily on dial-outs, like those at Melbourne University or
Telecom's Clayton office, to bounce around international computer
sites. They also used X.25 dial-outs in other countries--the US,
Sweden and Germany--to make another leap in their international
journeys.
Gradually, the people running these dial-out lines wised up. Dial-outs
started drying up. Passwords were changed. Facilities were cancelled.
But the hackers didn't want to give up access to overseas systems.
They'd had their first taste of international calling and they wanted
more. There was a big shiny electronic world to explore out there.
They began trying different methods of getting where they wanted to
go. And so the Melbourne underground moved into phreaking.
Phreakers swarmed to PABXes like bees to honey. A PABX, a private
automatic branch exchange, works like a mini-Telecom telephone
exchange. Using a PABX, the employee of a large company could dial
another employee in-house without incurring the cost of a local
telephone call. If the employee was, for example, staying in a hotel
out of town, the company might ask him to make all his calls through
the company's PABX to avoid paying extortionate hotel long-distance
rates. If the employee was in Brisbane on business, he could dial a
Brisbane number which might route him via the company's PABX to
Sydney. From there, he might dial out to Rome or London, and the
charge would be billed directly to the company. What worked for an
employee also worked for a phreaker.
A phreaker dialling into the PABX would generally need to either know
or guess the password allowing him to dial out again. Often, the
phreaker was greeted by an automated message asking for the employee's
telephone extension--which also served as the password. Well, that was
easy enough. The phreaker simply tried a series of numbers until he
found one which actually worked.
Occasionally, a PABX system didn't even have passwords. The managers
of the PABX figured that keeping the phone number secret was good
enough security. Sometimes phreakers made free calls out of PABXes
simply by exploited security flaws in a particular model or brand of
PABX. A series of specific key presses allowed the phreaker to get in
without knowing a password, an employee's name, or even the name of
the company for that matter.
As a fashionable pastime on BBSes, phreaking began to surpass hacking.
PI established a private phreaking section. For a while, it became
almost old hat to call yourself a hacker. Phreaking was forging the
path forward.
Somewhere in this transition, the Phreakers Five sprung to life. A
group of five hackers-turned-phreakers gathered in an exclusive group
on PI. Tales of their late-night podding adventures leaked into the
other areas of the BBS and made would-be phreakers green with
jealousy.
First, the phreakers would scout out a telephone pod--the grey steel,
rounded box perched nondescriptly on most streets. Ideally, the chosen
pod would be by a park or some other public area likely to be deserted
at night. Pods directly in front of suburban houses were a bit
risky--the house might contain a nosy little old lady with a penchant
for calling the local police if anything looked suspicious. And what
she would see, if she peered out from behind her lace curtains, was a
small tornado of action.
One of the five would leap from the van and open the pod with a key
begged, borrowed or stolen from a Telecom technician. The keys seemed
easy enough to obtain. The BBSes message boards were rife with gleeful
tales of valuable Telecom equipment, such as 500 metres of cable or a
pod key, procured off a visiting Telecom repairman either through
legitimate means or in exchange for a six-pack of beer.
The designated phreaker would poke inside the pod until he found
someone else's phone line. He'd strip back the cable, whack on a pair
of alligator clips and, if he wanted to make a voice call, run it to a
linesman's handset also borrowed, bought or stolen from Telecom. If he
wanted to call another computer instead of talking voice, he would
need to extend the phone line back to the phreakers' car. This is
where the 500 metres of Telecom cable came in handy. A long cable
meant the car, containing five anxious, whispering young men and a
veritable junkyard of equipment, would not have to sit next to the pod
for hours on end. That sort of scene might look a little suspicious to
a local resident out walking his or her dog late one night.
The phreaker ran the cable down the street and, if possible, around
the corner. He pulled it into the car and attached it to the waiting
computer modem. At least one of the five was proficient enough with
electronics hardware to have rigged up the computer and modem to the
car battery. The Phreaker's Five could now call any computer without
being traced or billed. The phone call charges would appear at the end
of a local resident's phone bill. Telecom did not itemise residential
telephone bills at the time. True, it was a major drama to zoom around
suburban streets in the middle of the night with computers, alligator
clips and battery adaptors in tow, but that didn't matter so much. In
fact, the thrill of such a cloak-and-dagger operation was as good as
the actual hacking itself. It was illicit. In the phreakers' own eyes,
it was clever. And therefore it was fun.
Craig Bowen didn't think much of the Phreakers Five's style of
phreaking. In fact, the whole growth of phreaking as a pastime
depressed him a bit. He believed it just didn't require the technical
skills of proper hacking. Hacking was, in his view, about the
exploration of a brave new world of computers. Phreaking was, well, a
bit beneath a good hacker. Somehow it demeaned the task at hand.
Still, he could see how in some cases it was necessary in order to
continue hacking. Most people in the underground developed some basic
skills in phreaking, though people like Bowen always viewed it more as
a means to an end--just a way of getting from computer A to computer
B, nothing more. Nonetheless, he allowed phreaking discussion areas in
the private sections of PI.
What he refused to allow was discussion areas around credit card
fraud. Carding was anathema to Bowen and he watched with alarm as some
members of the underground began to shift from phreaking into carding.
Like the transition into phreaking, the move into carding was a
logical progression. It occurred over a period of perhaps six months
in 1988 and was as obvious as a group of giggling schoolgirls.
Many phreakers saw it simply as another type of phreaking. In fact it
was a lot less hassle than manipulating some company's PABX. Instead,
you just call up an operator, give him some stranger's credit card
number to pay for the call, and you were on your way. Of course, the
credit cards had a broader range of uses than the PABXes. The advent
of carding meant you could telephone your friends in the US or UK and
have a long voice conference call with all of them
simultaneously--something which could be a lot tougher to arrange on a
PABX. There were other benefits. You could actually charge things with
that credit card. As in goods. Mail order goods.
One member of the underground who used the handle Ivan Trotsky,
allegedly ordered $50000 worth of goods, including a jet ski, from the
US on a stolen card, only to leave it sitting on the Australian docks.
The Customs guys don't tend to take stolen credit cards for duty
payments. In another instance, Trotsky was allegedly more successful.
A try-hard hacker who kept pictures of Karl Marx and Lenin taped to
the side of his computer terminal, Trotsky regularly spewed communist
doctrine across the underground. A self-contained paradox, he spent
his time attending Communist Party of Australia meetings and duck
shoots. According to one hacker, Trotsky's particular contribution to
the overthrow of the capitalist order was the arrangement of a
shipment of expensive modems from the US using stolen credit cards. He
was rumoured to have made a tidy profit by selling the modems in the
computer community for about $200 each. Apparently, being part of the
communist revolution gave him all sorts of ready-made
rationalisations. Membership has its advantages.
To Bowen, carding was little more than theft. Hacking may have been a
moral issue, but in early 1988 in Australia it was not yet much of a
legal one. Carding was by contrast both a moral and a legal issue.
Bowen recognised that some people viewed hacking as a type of
theft--stealing someone else's computer resources--but the argument
was ambiguous. What if no-one needed those resources at 2 a.m. on a
given night? It might be seen more as `borrowing' an under-used asset,
since the hacker had not permanently appropriated any property. Not so
for carding.
What made carding even less noble was that it required the technical
skill of a wind-up toy. Not only was it beneath most good hackers, it
attracted the wrong sort of people into the hacking scene. People who
had little or no respect for the early Australian underground's golden
rules of hacking: don't damage computer systems you break into
(including crashing them); don't change the information in those
systems (except for altering logs to cover your tracks); and share
information. For most early Australian hackers, visiting someone
else's system was a bit like visiting a national park. Leave it as you
find it.
While the cream seemed to rise to the top of the hacking hierarchy, it
was the scum that floated at the top of the carding community. Few
people in the underground typified this more completely than Blue
Thunder, who had been hanging around the outskirts of the Melbourne
underground since at least 1986. The senior hackers treated Blue
Blunder, as they sometimes called him, with great derision.
His entrance into the underground was as ignominious as that of a
debutante who, delicately descending the grand steps of the ballroom,
trips and tumbles head-first onto the dance floor. He picked a fight
with the grande doyenne of the Melbourne underground.
The Real Article occupied a special place in the underground. For
starters, The Real Article was a woman--perhaps the only female to
play a major role in the early Melbourne underground scene. Although
she didn't hack computers, she knew a lot about them. She ran The Real
Connection, a BBS frequented by many of the hackers who hung out on
PI. She wasn't somebody's sister wafting in and out of the picture in
search of a boyfriend. She was older. She was as good as married. She
had kids. She was a force to be reckoned with in the hacking
community.
Forthright and formidable, The Real Article commanded considerable
respect among the underground. A good indicator of this respect was the
fact that the members of H.A.C.K. had inducted her as an honorary member
of their exclusive club. Perhaps it was because she ran a popular
board. More likely it was because, for all their bluff and bluster, most
hackers were young men with the problems of young men. Being older and
wiser, The Real Article knew how to lend a sympathetic ear to those
problems. As a woman and a non-hacker, she was removed from the jumble
of male ego hierarchical problems associated with confiding in a
peer. She served as a sort of mother to the embryonic hacking community,
but she was young enough to avoid the judgmental pitfalls most parents
fall into with children.
The Real Article and Blue Thunder went into partnership running a BBS
in early 1986. Blue Thunder, then a high-school student, was desperate
to run a board, so she let him co-sysop the system. At first the
partnership worked. Blue Thunder used to bring his high-school essays
over for her to proofread and correct. But a short time into the
partnership, it went sour. The Real Article didn't like Blue Thunder's
approach to running a BBS, which appeared to her to be get information
from other hackers and then dump them. The specific strategy seemed to
be: get hackers to logon and store their valuable information on the
BBS, steal that information and then lock them out of their own
account. By locking them out, he was able to steal all the glory; he
could then claim the hacking secrets were his own. It was, in her
opinion, not only unsustainable, but quite immoral. She parted ways
with Blue Thunder and excommunicated him from her BBS.
Not long after, The Real Article started getting harassing phone calls
at 4 in the morning. The calls were relentless. Four a.m. on the dot,
every night. The voice at the other end of the line was computer
synthesised. This was followed by a picture of a machine-gun, printed
out on a cheap dot matrix printer in Commodore ASCII, delivered in her
letterbox. There was a threatening message attached which read
something like, `If you want the kids to stay alive, get them out of
the house'.
After that came the brick through the window. It landed in the back of
her TV. Then she woke up one morning to find her phone line dead.
Someone had opened the Telecom well in the nature strip across the
road and cut out a metre of cable. It meant the phone lines for the
entire street were down.
The Real Article tended to rise above the petty games that whining
adolescent boys with bruised egos could play, but this was too much.
She called in Telecom Protective Services, who put a last party
release on her phone line to trace the early-morning harassing calls.
She suspected Blue Thunder was involved, but nothing was ever proved.
Finally, the calls stopped. She voiced her suspicions to others in the
computer underground. Whatever shred of reputation Blue Chunder, as he
then became known for a time, had was soon decimated.
Since his own technical contributions were seen by his fellow BBS
users as limited, Blue Thunder would likely have faded into obscurity,
condemned to spend the rest of his time in the underground jumping
around the ankles of the aristocratic hackers. But the birth of
carding arrived at a fortuitous moment for him and he got into carding
in a big way, so big in fact that he soon got busted.
People in the underground recognised him as a liability, both because
of what many hackers saw as his loose morals and because he was
boastful of his activities. One key hacker said, `He seemed to relish
the idea of getting caught. He told people he worked for a credit
union and that he stole lots of credit card numbers. He sold
information, such as accounts on systems, for financial gain.' In
partnership with a carder, he also allegedly sent a bouquet of flowers
to the police fraud squad--and paid for it with a stolen credit card
number.
On 31 August 1988, Blue Thunder faced 22 charges in the Melbourne
Magistrates Court, where he managed to get most of the charges dropped
or amalgamated. He only ended up pleading guilty to five counts,
including deception and theft. The Real Article sat in the back of the
courtroom watching the proceedings. Blue Thunder must have been pretty
worried about what kind of sentence the magistrate would hand down
because she said he approached her during the lunch break and asked if
she would appear as a character witness for the defence. She looked
him straight in the eye and said, `I think you would prefer it if I
didn't'. He landed 200 hours of community service and an order to pay
$706 in costs.
Craig Bowen didn't like where the part of the underground typified by
Blue Thunder was headed. In his view, Chunder and Trotsky stood out as
bad apples in an otherwise healthy group, and they signalled an
unpleasant shift towards selling information. This was perhaps the
greatest taboo. It was dirty. It was seedy. It was the realm of
criminals, not explorers. The Australian computer underground had
started to lose some of its fresh-faced innocence.
Somewhere in the midst of all this, a new player entered the Melbourne
underground. His name was Stuart Gill, from a company called
Hackwatch.
Bowen met Stuart through Kevin Fitzgerald, a well-known local hacker
commentator who founded the Chisholm Institute of Technology's
Computer Abuse Research Bureau, which later became the Australian
Computer Abuse Research Bureau. After seeing a newspaper article
quoting Fitzgerald, Craig decided to ring up the man many members of
the underground considered to be a hacker-catcher. Why not? There were
no federal laws in Australia against hacking, so Bowen didn't feel
that nervous about it. Besides, he wanted to meet the enemy. No-one
from the Australian underground had ever done it before, and Bowen
decided it was high time. He wanted to set the record straight with
Fitzgerald, to let him know what hackers were really on about. They
began to talk periodically on the phone.
Along the way, Bowen met Stuart Gill who said that he was working with
Fitzgerald.4 Before long, Gill began visiting PI. Eventually, Bowen
visited Gill in person at the Mount Martha home he shared with his
elderly aunt and uncle. Stuart had all sorts of computer equipment
hooked up there, and a great number of boxes of papers in the garage.
`Oh, hello there, Paul,' Gill's ancient-looking uncle said when he saw
the twosome. As soon as the old man had tottered off, Gill pulled
Bowen aside confidentially.
`Don't worry about old Eric,' he said. `He lost it in the war. Today
he thinks I'm Paul, tomorrow it will be someone else.'
Bowen nodded, understanding.
There were many strange things about Stuart Gill, all of which seemed
to have a rational explanation, yet that explanation somehow never
quite answered the question in full.
Aged in his late thirties, he was much older and far more worldly than
Craig Bowen. He had very, very pale skin--so pasty it looked as though
he had never sat in the sun in his life.
Gill drew Bowen into the complex web of his life. Soon he told the
young hacker that he wasn't just running Hackwatch, he was also
involved in intelligence work. For the Australian Federal Police. For
ASIO. For the National Crime Authority. For the Victoria Police's
Bureau of Criminal Intelligence (BCI). He showed Bowen some secret
computer files and documents, but he made him sign a special form
first--a legal-looking document demanding non-disclosure based on some
sort of official secrets act.
Bowen was impressed. Why wouldn't he be? Gill's cloak-and-dagger world
looked like the perfect boy's own adventure. Even bigger and better
than hacking. He was a little strange, but that was part of the
allure.
Like the time they took a trip to Sale together around Christmas 1988.
Gill told Bowen he had to get out of town for a few days--certain
undesirable people were after him. He didn't drive, so could Craig
help him out? Sure, no problem. They had shared an inexpensive motel
room in Sale, paid for by Gill.
Being so close to Christmas, Stuart told Craig he had brought him two
presents. Craig opened the first--a John Travolta fitness book. When
Craig opened the second gift, he was a little stunned. It was a red
G-string for men. Craig didn't have a girlfriend at the time--perhaps
Stuart was trying to help him get one.
`Oh, ah, thanks,' Craig said, a bit confused.
`Glad you like it,' Stuart said. `Go on. Try it on.'
`Try it on?' Craig was now very confused.
`Yeah, mate, you know, to see if it fits. That's all.'
`Oh, um, right.'
Craig hesitated. He didn't want to seem rude. It was a weird request,
but never having been given a G-string before, he didn't know the
normal protocol. After all, when someone gives you a jumper, it's
normal for them to ask you to try it on, then and there, to see if it
fits.
Craig tried it on. Quickly.
`Yes, seems to fit,' Stuart said matter of factly, then turned away.
Craig felt relieved. He changed back into his clothing.
That night, and on many others during their trips or during Craig's
overnight visits to Stuart's uncle's house, Craig lay in bed wondering
about his secretive new friend.
Stuart was definitely a little weird, but he seemed to like women so
Craig figured he couldn't be interested in Craig that way. Stuart
bragged that he had a very close relationship with a female newspaper
reporter, and he always seemed to be chatting up the girl at the video
store.
Craig tried not to read too much into Stuart's odd behaviour, for the
young man was willing to forgive his friend's eccentricities just to
be part of the action. Soon Stuart asked Craig for access to
PI--unrestricted access.
The idea made Craig uncomfortable, but Stuart was so persuasive. How
would he be able to continue his vital intelligence work without
access to Victoria's most important hacking board? Besides, Stuart
Gill of Hackwatch wasn't after innocent-faced hackers like Craig
Bowen. In fact, he would protect Bowen when the police came down on
everyone. What Stuart really wanted was the carders--the fraudsters.
Craig didn't want to protect people like that, did he?
Craig found it a little odd, as usual, that Stuart seemed to be after
the carders, yet he had chummed up with Ivan Trotsky. Still, there
were no doubt secrets Stuart couldn't reveal--things he wasn't allowed
to explain because of his intelligence work.
Craig agreed.
What Craig couldn't have known as he pondered Stuart Gill from the
safety of his boyish bedroom was exactly how much innocence the
underground was still to lose. If he had foreseen the next few
years--the police raids, the Ombudsman's investigation, the stream of
newspaper articles and the court cases--Craig Bowen would, at that
very moment, probably have reached over and turned off his beloved PI
and Zen forever.
Chapter 3 -- The American Connection.
US forces give the nod; It's a setback for your country.
-- from `US Forces', 10, 9, 8, 7, 6, 5, 4, 3, 2, 1.
Force had a secret. The Parmaster wanted it.
Like most hackers, The Parmaster didn't just want the secret, he
needed it. He was in that peculiar state attained by real hackers
where they will do just about anything to obtain a certain piece of
information. He was obsessed.
Of course, it wasn't the first time The Parmaster craved a juicy piece
of information. Both he and Force knew all about infatuation. That's
how it worked with real hackers. They didn't just fancy a titbit here
and there. Once they knew information about a particular system was
available, that there was a hidden entrance, they chased it down
relentlessly. So that was exactly what Par was doing. Chasing Force
endlessly, until he got what he wanted.
It began innocently enough as idle conversation between two giants in
the computer underground in the first half of 1988. Force, the
well-known Australian hacker who ran the exclusive Realm BBS in
Melbourne, sat chatting with Par, the American master of X.25
networks, in Germany. Neither of them was physically in Germany, but
Altos was.
Altos Computer Systems in Hamburg ran a conference feature called
Altos Chat on one of its machines. You could call up from anywhere on
the X.25 data communications network, and the company's computer would
let you connect. Once connected, with a few brief keystrokes, the
German machine would drop you into a real-time, on-screen talk session
with anyone else who happened to be on-line. While the rest of the
company's computer system grunted and toiled with everyday labours,
this corner of the machine was reserved for live on-line chatting. For
free. It was like an early form of the Internet Relay Chat. The
company probably hadn't meant to become the world's most prestigious
hacker hang-out, but it soon ended up doing so.
Altos was the first significant international live chat channel, and
for most hackers it was an amazing thing. The good hackers had cruised
through lots of computer networks around the world. Sometimes they
bumped into one another on-line and exchanged the latest gossip.
Occasionally, they logged into overseas BBSes, where they posted
messages. But Altos was different. While underground BBSes had a
tendency to simply disappear one day, gone forever, Altos was always
there. It was live. Instantaneous communications with a dozen other
hackers from all sorts of exotic places. Italy. Canada. France.
England. Israel. The US. And all these people not only shared an
interest in computer networks but also a flagrant contempt for
authority of any type. Instant, real-time penpals--with attitude.
However, Altos was more exclusive than the average underground BBS.
Wanna-be hackers had trouble getting into it because of the way X.25
networks were billed. Some systems on the network took reverse-charge
connections--like a 1-800 number--and some, including Altos, didn't.
To get to Altos you needed a company's NUI (Network User Identifier),
which was like a calling card number for the X.25 network, used to
bill your time on-line. Or you had to have access to a system like
Minerva which automatically accepted billing for all the connections
made.
X.25 networks are different in various ways from the Internet, which
developed later. X.25 networks use different communication protocols
and, unlike the Internet at the user-level, they only use addresses
containing numbers not letters. Each packet of information travelling
over a data network needs to be encased in a particular type of
envelope. A `letter' sent across the X.25 network needs an X.25
`stamped' envelope, not an Internet `stamped' envelope.
The X.25 networks were controlled by a few very large players,
companies such as Telenet and Tymnet, while the modern Internet is, by
contrast, a fragmented collection of many small and medium-sized
sites.
Altos unified the international hacking world as nothing else had
done. In sharing information about their own countries' computers and
networks, hackers helped each other venture further and further
abroad. The Australians had gained quite a reputation on Altos. They
knew their stuff. More importantly, they possessed DEFCON, a program
which mapped out uncharted networks and scanned for accounts on
systems within them. Force wrote DEFCON based on a simple automatic
scanning program provided by his friend and mentor, Craig Bowen
(Thunderbird1).
Like the telephone system, the X.25 networks had a large number of
`phone numbers', called network user addresses (NUAs). Most were not
valid. They simply hadn't been assigned to anyone yet. To break into
computers on the network, you had to find them first, which meant
either hearing about a particular system from a fellow hacker or
scanning. Scanning--typing in one possible address after another--was
worse than looking for a needle in a haystack. 02624-589004-0004. Then
increasing the last digit by one on each attempt. 0005. 0006. 0007.
Until you hit a machine at the other end.
Back in 1987 or early 1988, Force had logged into Pacific Island for a
talk with Craig Bowen. Force bemoaned the tediousness of hand
scanning.
`Well, why the hell are you doing it manually?' Bowen responded. `You
should just use my program.' He then gave Force the source code for
his simple automated scanning program, along with instructions.
Force went through the program and decided it would serve as a good
launchpad for bigger things, but it had a major limitation. The
program could only handle one connection at a time, which meant it
could only scan one branch of a network at a time.
Less than three months later, Force had rewritten Bowen's program into
the far more powerful DEFCON, which became the jewel in the crown of
the Australian hackers' reputation. With DEFCON, a hacker could
automatically scan fifteen or twenty network addresses simultaneously.
He could command the computer to map out pieces of the Belgian,
British and Greek X.25 communications networks, looking for computers
hanging off the networks like buds at the tips of tree branches.
Conceptually, the difference was a little like using a basic PC, which
can only run one program at a time, as opposed to operating a more
sophisticated one where you can open many windows with different
programs running all at once. Even though you might only be working in
one window, say, writing a letter, the computer might be doing
calculations in a spreadsheet in another window in the background. You
can swap between
different functions, which are all running in the background
simultaneously.
While DEFCON was busy scanning, Force could do other things, such as
talk on Altos. He continued improving DEFCON, writing up to four more
versions of the program. Before long, DEFCON didn't just scan twenty
different connections at one time; it also automatically tried to
break into all the computers it found through those connections.
Though the program only tried basic default passwords, it had a fair
degree of success, since it could attack so many network addresses at
once. Further, new sites and mini-networks were being added so quickly
that security often fell by the wayside in the rush to join in. Since
the addresses were unpublished, companies often felt this obscurity
offered enough protection.
DEFCON produced lists of thousands of computer sites to raid. Force
would leave it scanning from a hacked Prime computer, and a day or two
later he would have an output file with 6000 addresses on different
networks. He perused the list and selected sites which caught his
attention. If his program had discovered an interesting address, he
would travel over the X.25 network to the site and then try to break
into the computer at that address. Alternatively, DEFCON might have
already successfully penetrated the machine using a default password,
in which case the address, account name and password would all be
waiting for Force in the log file. He could just walk right in.
Everyone on Altos wanted DEFCON, but Force refused to hand over the
program. No way was he going to have other hackers tearing up virgin
networks. Not even Erik Bloodaxe, one of the leaders of the most
prestigious American hacking group, Legion of Doom (LOD), got DEFCON
when he asked for it. Erik took his handle from the name of a Viking
king who ruled over the area now known as York, England. Although Erik
was on friendly terms with the Australian hackers, Force remained
adamant. He would not let the jewel out of his hands.
But on this fateful day in 1988, Par didn't want DEFCON. He wanted the
secret Force had just discovered, but held so very close to his chest.
And the Australian didn't want to give it to him.
Force was a meticulous hacker. His bedroom was remarkably tidy, for a
hacker's room. It had a polished, spartan quality. There were a few
well-placed pieces of minimalist furniture:
a black enamel metal single bed, a modern black bedside
table and a single picture on the wall--a photographic poster of
lightning, framed in glass. The largest piece of furniture was a
blue-grey desk with a return, upon which sat his computer, a printer
and an immaculate pile of print-outs. The bookcase, a tall modern
piece matching the rest of the furniture, contained an extensive
collection of fantasy fiction books, including what seemed to be
almost everything ever written by David Eddings. The lower shelves
housed assorted chemistry and programming books. A chemistry award
proudly jutted out from the shelf housing a few Dungeons and Dragons
books.
He kept his hacking notes in an orderly set of plastic folders, all
filed in the bottom of his bookcase. Each page of notes, neatly
printed and surrounded by small, tidy handwriting revealing updates
and minor corrections, had its own plastic cover to prevent smudges or
stains.
Force thought it was inefficient to hand out his DEFCON program and
have ten people scan the same network ten different times. It wasted
time and resources. Further, it was becoming harder to get access to
the main X.25 sites in Australia, like Minerva. Scanning was the type
of activity likely to draw the attention of a system admin and result
in the account being killed. The more people who scanned, the more
accounts would be killed, and the less access the Australian hackers
would have. So Force refused to hand over DEFCON to hackers outside
The Realm, which is one thing that made it such a powerful group.
Scanning with DEFCON meant using Netlink, a program which legitimate
users didn't often employ. In his hunt for hackers, an admin might
look for people running Netlink, or he might just examine which
systems a user was connecting to. For example, if a hacker connected
directly to Altos from Minerva without hopping through a respectable
midpoint, such as another corporate machine overseas, he could count
on the Minerva admins killing off the account.
DEFCON was revolutionary for its time, and difficult to reproduce. It
was written for Prime computers, and not many hackers knew how to
write programs for Primes. In fact, it was exceedingly difficult for
most hackers to learn programming of any sort for large, commercial
machines. Getting the system engineering manuals was tough work and
many of the large companies guarded their manuals almost as trade
secrets. Sure, if you bought a $100000 system, the company would give
you a few sets of operating manuals, but that was well beyond the
reach of a teenage hacker. In general, information was hoarded--by the
computer manufacturers, by the big companies which bought the systems,
by the system administrators and even by the universities.
Learning on-line was slow and almost as difficult. Most hackers used
300 or 1200 baud modems. Virtually all access to these big, expensive
machines was illegal. Every moment on-line was a risky proposition.
High schools never had these sorts of expensive machines. Although
many universities had systems, the administrators were usually miserly
with time on-line for students. In most cases, students only got
accounts on the big machines in their second year of computer science
studies. Even then, student accounts were invariably on the
university's oldest, clunkiest machine. And if you weren't a comp-sci
student, forget it. Indulging your intellectual curiosity in VMS
systems would never be anything more than a pipe dream.
Even if you did manage to overcome all the roadblocks and develop some
programming experience in VMS systems, for example, you might only be
able to access a small number of machines on any given network. The
X.25 networks connected a large number of machines which used very
different operating systems. Many, such as Primes, were not in the
least bit intuitive. So if you knew VMS and you hit a Prime machine,
well, that was pretty much it.
Unless, of course, you happened to belong to a clan of hackers like
The Realm. Then you could call up the BBS and post a message. `Hey, I
found a really cool Primos system at this address. Ran into problems
trying to figure the parameters of the Netlink command. Ideas anyone?'
And someone from your team would step forward to help.
In The Realm, Force tried to assemble a diverse group of Australia's
best hackers, each with a different area of expertise. And he happened
to be the resident expert in Prime computers.
Although Force wouldn't give DEFCON to anyone outside The Realm, he
wasn't unreasonable. If you weren't in the system but you had an
interesting network you wanted mapped, he would scan it for you. Force
referred to scans for network user addresses as `NUA sprints'. He
would give you a copy of the NUA sprint. While he was at it, he would
also keep a copy for The Realm. That was efficient. Force's pet
project was creating a database of systems and networks for The Realm,
so he simply added the new information to its database.
Force's great passion was mapping new networks, and new mini-networks
were being added to the main X.25 networks all the time. A large
corporation, such a BHP, might set up its own small-scale network
connecting its offices in Western Australia, Queensland, Victoria and
the United Kingdom. That mini-network might be attached to a
particular X.25 network, such as Austpac. Get into the Austpac network
and chances were you could get into any of the company's sites.
Exploration of all this uncharted territory consumed most of Force's
time. There was something cutting-edge, something truly adventurous
about finding a new network and carefully piecing together a picture
of what the expanding web looked like. He drew detailed pictures and
diagrams showing how a new part of the network connected to the rest.
Perhaps it appealed to his sense of order, or maybe he was just an
adventurer at heart. Whatever the underlying motivation, the maps
provided The Realm with yet another highly prized asset.
When he wasn't mapping networks, Force published Australia's first
underground hacking journal, Globetrotter. Widely read in the
international hacking community, Globetrotter reaffirmed Australian
hackers' pre-eminent position in the international underground.
But on this particular day, Par wasn't thinking about getting a copy
of Globetrotter or asking Force to scan a network for him. He was
thinking about that secret. Force's new secret. The secret Parmaster
desperately wanted.
Force had been using DEFCON to scan half a dozen networks while he
chatted to Par on Altos. He found an interesting connection from the
scan, so he went off to investigate it. When he connected to the
unknown computer, it started firing off strings of numbers at Force's
machine. Force sat at his desk and watched the characters rush by on
his screen.
It was very odd. He hadn't done anything. He hadn't sent any commands
to the mystery computer. He hadn't made the slightest attempt to break
into the machine. Yet here the thing was throwing streams of numbers.
What kind of computer was this? There might have been some sort of
header which would identify the computer, but it had zoomed by so fast
in the unexpected data dump that Force had missed it.
Force flipped over to his chat with Par on Altos. He didn't completely
trust Par, thinking the friendly American sailed a bit close to the
wind. But Par was an expert in X.25 networks and was bound to have
some clue about these numbers. Besides, if they turned out to be
something sensitive, Force didn't have to tell Par where he found
them.
`I've just found a bizarre address. It is one strange system. When I
connected, it just started shooting off numbers at me. Check these
out.'
Force didn't know what the numbers were, but Par sure did. `Those look
like credit cards,' he typed back.
`Oh.' Force went quiet.
Par thought the normally chatty Australian hacker seemed astonished.
After a short silence, the now curious Par nudged the conversation
forward. `I have a way I can check out whether they really are valid
cards,' he volunteered. `It'll take some time, but I should be able to
do it and get back to you.'
`Yes.' Force seemed hesitant. `OK.'
On the other side of the Pacific from Par, Force thought about this
turn of events. If they were valid credit cards, that was very cool.
Not because he intended to use them for credit card fraud in the way
Ivan Trotsky might have done. But Force could use them for making
long-distance phone calls to hack overseas. And the sheer number of
cards was astonishing. Thousand and thousands of them. Maybe 10000.
All he could think was, Shit! Free connections for the rest of my
life.
Hackers such as Force considered using cards to call overseas computer
systems a little distasteful, but certainly acceptable. The card owner
would never end up paying the bill anyway. The hackers figured that
Telecom, which they despised, would probably have to wear the cost in
the end, and that was fine by them. Using cards to hack was nothing
like ordering consumer goods. That was real credit card fraud. And
Force would never sully his hands with that sort of behaviour.
Force scrolled back over his capture of the numbers which had been
injected into his machine. After closer inspection, he saw there were
headers which appeared periodically through the list. One said,
`CitiSaudi'.
He checked the prefix of the mystery machine's network address again.
He knew from previous scans that it belonged to one of the world's
largest banks. Citibank.
The data dump continued for almost three hours. After that, the
Citibank machine seemed to go dead. Force saw nothing but a blank
screen, but he kept the connection open. There was no way he was going
to hang up from this conversation. He figured this had to be a freak
connection--that he accidentally connected to this machine somehow,
that it wasn't really at the address he had tried based on the DEFCON
scan of Citibank's network.
How else could it have happened? Surely Citibank wouldn't have a
computer full of credit cards which spilled its guts every time
someone rang up to say `hello'? There would be tonnes of security on a
machine like that. This machine didn't even have a password. It didn't
even need a special character command, like a secret handshake.
Freak connections happened now and then on X.25
networks. They had the same effect as a missed voice phone
connection. You dial a friend's number--and you dial it correctly--but
somehow the call gets screwed up in the tangle of wires and exchanges
and your call gets put through to another number entirely. Of course,
once something like that happens to an X.25 hacker, he immediately
tries to figure out what the hell is going on, to search every shred
of data from the machine looking for the system's real address.
Because it was an accident, he suspects he will never find the machine
again.
Force stayed home from school for two days to keep the connection
alive and to piece together how he landed on the doorstep of this
computer. During this time, the Citibank computer woke up a few times,
dumped a bit more information, and then went back to sleep. Keeping
the connection alive meant running a small risk of discovery by an
admin at his launch point, but the rewards in this case far exceeded
the risk.
It wasn't all that unusual for Force to skip school to hack. His
parents used to tell him, `You better stop it, or you'll have to wear
glasses one day'. Still, they didn't seem to worry too much, since
their son had always excelled in school without much effort. At the
start of his secondary school career he had tried to convince his
teachers he should skip year 9. Some objected. It was a hassle, but he
finally arranged it by quietly doing the coursework for year 9 while
he was in year 8.
After Force had finally disconnected from the CitiSaudi computer and
had a good sleep, he decided to check on whether he could reconnect to
the machine. At first, no-one answered, but when he tried a little
later, someone answered all right. And it was the same talkative
resident who answered the door the first time. Although it only seemed
to work at certain hours of the day, the Citibank network address was
the right one. He was in again.
As Force looked over the captures from his Citibank hack, he noticed
that the last section of the data dump didn't contain credit card
numbers like the first part. It had people's names--Middle Eastern
names--and a list of transactions. Dinner at a restaurant. A visit to
a brothel. All sorts of transactions. There was also a number which
looked like a credit limit, in come cases a very, very large limit,
for each person. A sheik and his wife appeared to have credit limits
of $1 million--each. Another name had a limit of $5 million.
There was something strange about the data, Force thought. It was not
structured in a way which suggested the Citibank machine was merely
transmitting data to another machine. It looked more like a text file
which was being dumped from a computer to a line printer.
Force sat back and considered his exquisite discovery. He decided this
was something he would share only with a very few close, trusted
friends from The Realm. He would tell Phoenix and perhaps one other
member, but no-one else.
As he looked through the data once more, Force began to feel a little
anxious. Citibank was a huge financial institution, dependent on the
complete confidence of its customers. The corporation would lose a lot
of face if news of Force's discovery got out. It might care enough to
really come after him. Then, with the sudden clarity of the lightning
strike photo which hung on his wall, a single thought filled his mind.
I am playing with fire.
`Where did you get those numbers?' Par asked Force next time they were
both on Altos.
Force hedged. Par leaped forward.
`I checked those numbers for you. They're valid,' he told Force. The
American was more than intrigued. He wanted that network address. It
was lust. Next stop, mystery machine. `So, what's the address?'
That was the one question Force didn't want to hear. He and Par had a
good relationship, sharing information comfortably if occasionally.
But that relationship only went so far. For all he knew, Par might
have a less than desirable use for the information. Force didn't know
if Par carded, but he felt sure Par had friends who might be into it.
So Force refused to tell Par where to find the mystery machine.
Par wasn't going to give up all that easily. Not that he would use the
cards for free cash, but, hey, the mystery machine seemed like a very
cool place to check out. There would be no peace for Force until Par
got what he wanted. Nothing is so tempting to a hacker as the faintest
whiff of information about a system he wants, and Par hounded Force
until the Australian hacker relented just a bit.
Finally Force told Par roughly where DEFCON had been scanning for
addresses when it stumbled upon the CitiSaudi machine. Force wasn't
handing over the street address, just the name of the suburb. DEFCON
had been accessing the Citibank network through Telenet, a large
American data network using X.25 communications protocols. The
sub-prefixes for the Citibank portion of the network were 223 and 224.
Par pestered Force some more for the rest of the numbers, but the
Australian had dug his heels in. Force was too careful a player, too
fastidious a hacker, to allow himself to get mixed up in the things
Par might get up to.
OK, thought the seventeen-year-old Par, I can do this without you. Par
estimated there were 20000 possible addresses on that network, any one
of which might be the home of the mystery machine. But he assumed the
machine would be in the low end of the network, since the lower
numbers were usually used first and the higher numbers were generally
saved for other, special network functions. His assumptions narrowed
the likely search field to about 2000 possible addresses.
Par began hand-scanning on the Citibank Global Telecommunications
Network (GTN) looking for the mystery machine. Using his knowledge of
the X.25 network, he picked a number to start with. He typed 22301,
22302, 22303. On and on, heading toward 22310000. Hour after hour,
slowly, laboriously, working his way through all the options, Par
scanned out a piece, or a range, within the network. When he got bored
with the 223 prefix, he tried out the 224 one for a bit of variety.
Bleary-eyed and exhausted after a long night at the computer, Par felt
like calling it quits. The sun had splashed through the windows of his
Salinas, California, apartment hours ago. His living room was a mess,
with empty, upturned beer cans circling his Apple IIe. Par gave up for
a while, caught some shut-eye. He had gone through the entire list of
possible addresses, knocking at all the doors, and nothing had
happened. But over the next few days he returned to scanning the
network again. He decided to be more methodical about it and do the
whole thing from scratch a second time.
He was part way through the second scan when it happened. Par's
computer connected to something. He sat up and peered toward the
screen. What was going on? He checked the address. He was sure he had
tried this one before and nothing had answered. Things were definitely
getting strange. He stared at his computer.
The screen was blank, with the cursor blinking silently at the top.
Now what? What had Force done to get the computer to sing its song?
Par tried pressing the control key and a few different letters.
Nothing. Maybe this wasn't the right address after all. He
disconnected from the machine and carefully wrote down the address,
determined to try it again later.
On his third attempt, he connected again but found the same irritating
blank screen. This time he went through the entire alphabet with the
control key.
Control L.
That was the magic keystroke. The one that made CitiSaudi give up its
mysterious cache. The one that gave Par an adrenalin rush, along with
thousands and thousands of cards. Instant cash, flooding his screen.
He turned on the screen capture so he could collect all the
information flowing past and analyse it later. Par had to keep feeding
his little Apple IIe more disks to store all the data coming in
through his 1200 baud modem.
It was magnificent. Par savoured the moment, thinking about how much
he was going to enjoy telling Force. It was going to be sweet. Hey,
Aussie, you aren't the only show in town. See ya in Citibank.
An hour or so later, when the CitiSaudi data dump had finally
finished, Par was stunned at what he found in his capture. These
weren't just any old cards. These were debit cards, and they were held
by very rich Arabs. These people just plopped a few million in a bank
account and linked a small, rectangular piece of plastic to that
account. Every charge came directly out of the bank balance. One guy
listed in the data dump bought a $330,000 Mercedes Benz in
Istanbul--on his card. Par couldn't imagine being able to throw down a
bit of plastic for that. Taking that plastic out for a spin around the
block would bring a whole new meaning to the expression, `Charge it!'
When someone wins the lottery, they often feel like sharing with their
friends. Which is exactly what Par did. First, he showed his
room-mates. They thought it was very cool. But not nearly so cool as
the half dozen hackers and phreakers who happened to be on the
telephone bridge Par frequented when the master of X.25 read off a
bunch of the cards.
Par was a popular guy after that day. Par was great, a sort of Robin
Hood of the underground. Soon, everyone wanted to talk to him. Hackers
in New York. Phreakers in Virginia. And the Secret Service in San
Francisco.
Par didn't mean to fall in love with Theorem. It was an accident, and
he couldn't have picked a worse girl to fall for. For starters, she
lived in Switzerland. She was 23 and he was only seventeen. She also
happened to be in a relationship--and that relationship was with
Electron, one of the best Australian hackers of the late 1980s. But
Par couldn't help himself. She was irresistible, even though he had
never met her in person. Theorem was different. She was smart and
funny, but refined, as a European woman can be.
They met on Altos in 1988.
Theorem didn't hack computers. She didn't need to, since she could
connect to Altos through her old university computer account. She had
first found Altos on 23 December 1986. She remembered the date for two
reasons. First, she was amazed
at the power of Altos--that she could have a live conversation on-line
with a dozen people in different countries at the same time. Altos was
a whole new world for her. Second, that was the day she met Electron.
Electron made Theorem laugh. His sardonic, irreverent humour hit a
chord with her. Traditional Swiss society could be stifling and
closed, but Electron was a breath of fresh air. Theorem was Swiss but
she didn't always fit the mould. She hated skiing. She was six feet
tall. She liked computers.
When they met on-line, the 21-year-old Theorem was at a crossroad in
her youth. She had spent a year and a half at university studying
mathematics. Unfortunately, the studies had not gone well. The truth
be told, her second year of university was in fact the first year all
over again. A classmate had introduced her to Altos on the
university's computers. Not long after she struck up a relationship
with Electron, she dropped out of uni all together and enrolled in a
secretarial course. After that, she found a secretarial job at a
financial institution.
Theorem and Electron talked on Altos for hours at a time. They talked
about everything--life, family, movies, parties--but not much about
what most people on Altos talked about--hacking. Eventually, Electron
gathered up the courage to ask Theorem for her voice telephone number.
She gave it to him happily and Electron called her at home in
Lausanne. They talked. And talked. And talked. Soon they were on the
telephone all the time.
Seventeen-year-old Electron had never had a girlfriend. None of the
girls in his middle-class high school would give him the time of day
when it came to romance. Yet here was this bright, vibrant girl--a
girl who studied maths--speaking to him intimately in a melting French
accent. Best of all, she genuinely liked him. A few words from his
lips could send her into silvery peals of laughter.
When the phone bill arrived, it was $1000. Electron surreptitiously
collected it and buried it at the bottom of a drawer in his bedroom.
When he told Theorem, she offered to help pay for it. A cheque for
$700 showed up not long after. It made the task of explaining
Telecom's reminder notice to his father much easier.
The romantic relationship progressed throughout 1987 and the first
half of 1988. Electron and Theorem exchanged love letters and tender
intimacies over 16000 kilometres of computer networks, but the
long-distance relationship had some bumpy periods. Like when she had
an affair over several months with Pengo. A well-known German hacker
with links to the German hacking group called the Chaos Computer Club,
Pengo was also a friend and mentor to Electron. Pengo was, however,
only a short train ride away from Theorem. She became friends with
Pengo on Altos and eventually visited him. Things progressed from
there.
Theorem was honest with Electron about the affair, but there was
something unspoken, something below the surface. Even after the affair
ended, Theorem was sweet on Pengo the way a girl remains fond of her
first love regardless of how many other men she has slept with since
then.
Electron felt hurt and angry, but he swallowed his pride and forgave
Theorem her dalliance. Eventually, Pengo disappeared from the scene.
Pengo had been involved with people who sold US military
secrets--taken from computers--to the KGB. Although his direct
involvement in the ongoing international computer espionage had been
limited, he began to worry about the risks. His real interest was in
hacking, not spying. The Russian connection simply enabled him to get
access to bigger and better computers. Beyond that, he felt no loyalty
to the Russians.
In the first half of 1988, he handed himself in to the German
authorities. Under West German law at the time, a citizen-spy who
surrendered himself before the state discovered the crime, and thus
averted more damage to the state, acquired immunity from prosecution.
Having already been busted in December 1986 for using a stolen NUI,
Pengo decided that turning himself in would be his best hope of taking
advantage of this legal largesse.
By the end of the year, things had become somewhat hairy for Pengo and
in March 1989 the twenty-year-old from Berlin was raided again, this
time with the four others involved in the spy ring. The story broke
and the media exposed Pengo's real name. He didn't know if he would
eventually be tried and convicted of something related to the
incident. Pengo had a few things on his mind other than the six-foot
Swiss girl.
With Pengo out of the way, the situation between Theorem and the
Australian hacker improved. Until Par came along.
Theorem and Par began innocently enough. Being one of only a few girls
in the international hacking and phreaking scene and, more
particularly, on Altos, she was treated differently. She had lots of
male friends on the German chat system, and the boys told her things
in confidence they would never tell each other. They sought out her
advice. She often felt like she wore many hats--mother, girlfriend,
psychiatrist--when she spoke with the boys on Altos.
Par had been having trouble with his on-line girlfriend, Nora, and
when he met Theorem he turned to her for a bit of support. He had
travelled from California to meet Nora in person in New York. But when
he arrived in the sweltering heat of a New York summer, without
warning, her conservative Chinese parents didn't take kindly to his
unannounced appearance. There were other frictions between Nora and
Par. The relationship had been fine on Altos and on the phone, but
things were just not clicking in person.
He already knew that virtual relationships, forged over an electronic
medium which denied the importance of physical chemistry, could
sometimes be disappointing.
Par used to hang out on a phone bridge with another Australian member
of The Realm, named Phoenix, and with a fun girl from southern
California. Tammi, a casual phreaker, had a great personality and a
hilarious sense of humour. During those endless hours chatting, she
and Phoenix seemed to be in the throes of a mutual crush. In the
phreaking underground, they were known as a bit of a virtual item. She
had even invited Phoenix to come visit her sometime. Then, one day,
for the fun of it, Tammi decided to visit Par in Monterey. Her
appearance was a shock.
Tammi had described herself to Phoenix as being a blue-eyed, blonde
California girl. Par knew that Phoenix visualised her as a
stereotypical bikini-clad, beach bunny from LA. His perception rested
on a foreigner's view of the southern California culture. The land of
milk and honey. The home of the Beach Boys and TV series like
`Charlie's Angels'.
When Tammi arrived, Par knew instantly that she and Phoenix would
never hit it off in person. Tammi did in fact have both blonde hair
and blue eyes. She had neglected to mention, however, that she weighed
about 300 pounds, had a rather homely face and a somewhat down-market
style. Par really liked Tammi, but he couldn't get the ugly phrase
`white trash' out of his thoughts. He pushed and shoved, but the
phrase was wedged in his mind. It fell to Par to tell Phoenix the
truth about Tammi.
So Par knew all about how reality could burst the foundations of a
virtual relationship.
Leaving New York and Nora behind, Par moved across the river to New
Jersey to stay with a friend, Byteman, who was one of a group of
hackers who specialised in breaking into computer systems run by Bell
Communications Research (Bellcore). Bellcore came into existence at
the beginning of 1984 as a result of the break-up of the US telephone
monopoly known as Bell Systems. Before the break-up, Bell Systems'
paternalistic holding company, American Telephone and Telegraph
(AT&T), had
fostered the best and brightest in Bell Labs, its research arm. Over
the course of its history, Bell Labs boasted at least seven
Nobel-prize winning researchers and numerous scientific achievements.
All of which made Bellcore a good target for hackers trying to prove
their prowess.
Byteman used to chat with Theorem on Altos, and eventually he called
her, voice. Par must have looked pretty inconsolable, because one day
while Byteman was talking to Theorem, he suddenly said to her, `Hey,
wanna talk to a friend of mine?' Theorem said `Sure' and Byteman
handed the telephone to Par. They talked for about twenty minutes.
After that they spoke regularly both on Altos and on the phone. For
weeks after Par returned to California, Theorem tried to cheer him up
after his unfortunate experience with Nora. By mid-1988, they had
fallen utterly and passionately in love.
Electron, an occasional member of Force's Realm group, took the news
very badly. Not everyone on Altos liked Electron. He could be a little
prickly, and very cutting when he chose to be, but he was an ace
hacker, on an international scale, and everyone listened to him.
Obsessive, creative and quick off the mark, Electron had respect,
which is one reason Par felt so badly.
When Theorem told Electron the bad news in a private conversation
on-line, Electron had let fly in the public area, ripping into the
American hacker on the main chat section of Altos, in front of
everyone.
Par took it on the chin and refused to fight back. What else could he
do? He knew what it was like to hurt. He felt for the guy and knew how
he would feel if he lost Theorem. And he knew that Electron must be
suffering a terrible loss of face. Everyone saw Electron and Theorem
as an item. They had been together for more than a year. So Par met
Electron's fury with grace and quiet words of consolation.
Par didn't hear much from Electron after that day. The Australian
still visited Altos, but he seemed more withdrawn, at least whenever
Par was around. After that day, Par ran into him once, on a phone
bridge with a bunch of Australian hackers.
Phoenix said on the bridge, `Hey, Electron. Par's on the bridge.'
Electron paused. `Oh, really,' he answered coolly. Then he went
silent.
Par let Electron keep his distance. After all, Par had what really
counted--the girl.
Par called Theorem almost every day. Soon they began to make plans for
her to fly to California so they could meet in person. Par tried not
to expect too much, but he found it difficult to stop savouring the
thought of finally seeing Theorem face to face. It gave him
butterflies.
Yeah, Par thought, things are really looking up.
The beauty of Altos was that, like Pacific Island or any other local
BBS, a hacker could take on any identity he wanted. And he could do it
on an international scale. Visiting Altos was like attending a
glittering masquerade ball. Anyone could recreate himself. A socially
inept hacker could pose as a character of romance and adventure. And a
security official could pose as a hacker.
Which is exactly what Telenet security officer Steve Mathews did on 27
October 1988. Par happened to be on-line, chatting away with his
friends and hacker colleagues. At any given moment, there were always
a few strays on Altos, a few people who weren't regulars. Naturally,
Mathews didn't announce himself as being a Telenet guy. He just
slipped quietly onto Altos looking like any other hacker. He might
engage a hacker in conversation, but he let the hacker do most of the
talking. He was there to listen.
On that fateful day, Par happened to be in one of his magnanimous
moods. Par had never had much money growing up, but he was always very
generous with what he did have. He talked for a little while with the
unknown hacker on Altos, and then gave him one of the debit cards
taken from his visits to the CitiSaudi computer. Why not? On Altos, it
was a bit like handing out your business card. `The
Parmaster--Parameters Par Excellence'.
Par had got his full name--The Parmaster--in his earliest hacking
days. Back then, he belonged to a group of teenagers involved in
breaking the copy protections on software programs for Apple IIes,
particularly games. Par had a special gift for working out the copy
protection parameters, which was a first step in bypassing the
manufacturers' protection schemes. The ringleader of the group began
calling him `the master of parameters'--The Parmaster--Par, for short.
As he moved into serious hacking and developed his expertise in X.25
networks, he kept the name because it fitted nicely in his new
environment. `Par?' was a common command on an X.25 pad, the modem
gateway to an X.25 network.
`I've got lots more where that come from,' Par told the stranger on
Altos. `I've got like 4000 cards from a Citibank system.'
Not long after that, Steve Mathews was monitoring Altos again, when
Par showed up handing out cards to people once more.
`I've got an inside contact,' Par confided. `He's gonna make up a
whole mess of new, plastic cards with all these valid numbers from the
Citibank machine. Only the really big accounts, though. Nothing with a
balance under $25000.'
Was Par just making idle conversation, talking big on Altos? Or would
he really have gone through with committing such a major fraud?
Citibank, Telenet and the US Secret Service would never know, because
their security guys began closing the net around Par before he had a
chance to take his idea any further.
Mathews contacted Larry Wallace, fraud investigator with Citibank in
San Mateo, California. Wallace checked out the cards. They were valid
all right. They belonged to the Saudi-American Bank in Saudi Arabia
and were held on a Citibank database in Sioux Falls, South Dakota.
Wallace determined that, with its affiliation to the Middle Eastern
bank, Citibank had a custodial responsibility for the accounts. That
meant he could open a major investigation.
On 7 November, Wallace brought in the US Secret Service. Four days
later, Wallace and Special Agent Thomas Holman got their first major
lead when they interviewed Gerry Lyons of Pacific Bell's security
office in San Francisco.
Yes, Lyons told the investigators, she had some information they might
find valuable. She knew all about hackers and phreakers. In fact, the
San Jose Police had just busted two guys trying to phreak at a pay
phone. The phreakers seemed to know something about a Citibank system.
When the agents showed up at the San Jose Police Department for their
appointment with Sergeant Dave Flory, they received another pleasant
surprise. The sergeant had a book filled with hackers' names and
numbers seized during the arrest of the two pay-phone phreakers. He
also happened to be in possession of a tape recording of the phreakers
talking to Par from a prison phone.
The cheeky phreakers had used the prison pay phone to call up a
telephone bridge located at the University of Virginia. Par, the
Australian hackers and other assorted American phreakers and hackers
visited the bridge frequently. At any one moment, there might be eight
to ten people from the underground sitting on the bridge. The
phreakers found Par hanging out there, as usual, and they warned him.
His name and number were inside the book seized by police when they
were busted.
Par didn't seem worried at all.
`Hey, don't worry. It's cool,' he reassured them. `I have just
disconnected my phone number today--with no forwarding details.'
Which wasn't quite true. His room-mate, Scott, had indeed disconnected
the phone which was in his name because he had been getting prank
calls. However, Scott opened a new telephone account at the same
address with the same name on the same day--all of which made the job
of tracking down the mysterious hacker named Par much easier for the
law enforcement agencies.
In the meantime, Larry Wallace had been ringing around his contacts in
the security business and had come up with another lead. Wanda Gamble,
supervisor for the Southeastern Region of MCI Investigations, in
Atlanta, had a wealth of information on the hacker who called himself
Par. She was well connected when it came to hackers, having acquired a
collection of reliable informants during her investigations of
hacker-related incidents. She gave the Citibank investigator two
mailbox numbers for Par. She also handed them what she believed was
his home phone number.
The number checked out and on 25 November, the day after Thanksgiving,
the Secret Service raided Par's house. The raid was terrifying. At
least four law enforcement officers burst through the door with guns
drawn and pointed. One of them had a shotgun. As is often the case in
the US, investigators from private, commercial organisations--in this
case Citibank and Pacific Bell--also took part in the raid.
The agents tore the place apart looking for evidence. They dragged
down the food from the kitchen cupboards. They emptied the box of
cornflakes into the sink looking for hidden computer disks. They
looked everywhere, even finding a ceiling cavity at the back of a
closet which no-one even knew existed.
They confiscated Par's Apple IIe, printer and modem. But, just to be
sure, they also took the Yellow Pages, along with the telephone and
the new Nintendo game paddles Scott had just bought. They scooped up
the very large number of papers which had been piled under the coffee
table, including the spiral notebook with Scott's airline bookings
from his job as a travel agent. They even took the garbage.
It wasn't long before they found the red shoebox full of disks peeping
out from under the fish tank next to Par's computer.
They found lots of evidence. What they didn't find was Par.
Instead, they found Scott and Ed, two friends of Par. They were pretty
shaken up by the raid. Not knowing Par's real identity, the Secret
Service agents accused Scott of being Par. The phone was in his name,
and Special Agent Holman had even conducted some surveillance more
than a week before the raid, running the plates on Scott's 1965 black
Ford Mustang parked in front of the house. The Secret Service was sure
it had its man, and Scott had a hell of a time convincing them
otherwise.
Both Scott and Ed swore up and down that they weren't hackers or
phreakers, and they certainly weren't Par. But they knew who Par was,
and they told the agents his real name. After considerable pressure
from the Secret Service, Scott and Ed agreed to make statements down
at the police station.
In Chicago, more than 2700 kilometres away from the crisis unfolding
in northern California, Par and his mother watched his aunt walk down
the aisle in her white gown.
Par telephoned home once, to Scott, to say `hi' from the Midwest. The
call came after the raid.
`So,' a relaxed Par asked his room-mate, `How are things going at
home?'
`Fine,' Scott replied. `Nothing much happening here.'
Par looked down at the red bag he was carrying with a momentary
expression of horror. He realised he stood out in the San Jose bus
terminal like a peacock among the pigeons ...
Blissfully ignorant of the raid which had occurred three days before,
Par and his mother had flown into San Jose airport. They had gone to
the bus terminal to pick up a Greyhound home to the Monterey area.
While waiting for the bus, Par called his friend Tammi to say he was
back in California.
Any casual bystander waiting to use the pay phones at that moment
would have seen a remarkable transformation in the brown-haired boy at
the row of phones. The smiling face suddenly dropped in a spasm of
shock. His skin turned ash white as the blood fled south. His deep-set
chocolate brown eyes, with their long, graceful lashes curving upward
and their soft, shy expression, seemed impossibly large.
For at that moment Tammi told Par that his house had been raided by
the Secret Service. That Scott and Ed had been pretty upset about
having guns shoved in their faces, and had made statements about him
to the police. That they thought their phone was tapped. That the
Secret Service guys were still hunting for Par, they knew his real
name, and she thought there was an all points bulletin out for him.
Scott had told the Secret Service about Par's red bag, the one with
all his hacking notes that he always carried around. The one with the
print-out of all the Citibank credit card numbers.
And so it was that Par came to gaze down at his bag with a look of
alarm. He realised instantly that the Secret Service would be looking
for that red bag. If they didn't know what he looked like, they would
simply watch for the bag.
That bag was not something Par could hide easily. The Citibank
print-out was the size of a phone book. He also had dozens of disks
loaded with the cards and other sensitive hacking information.
Par had used the cards to make a few free calls, but he hadn't been
charging up any jet skis. He fought temptation valiantly, and in the
end he had won, but others might not have been so victorious in the
same battle. Par figured that some less scrupulous hackers had
probably been charging up a storm. He was right. Someone had, for
example, tried to send a $367 bouquet of flowers to a woman in El Paso
using one of the stolen cards. The carder had unwittingly chosen a
debit card belonging to a senior Saudi bank executive who happened to
be in his office at the time the flower order was placed. Citibank
investigator Larry Wallace added notes on that incident to his growing
file.
Par figured that Citibank would probably try to pin every single
attempt at carding on him. Why not? What kind of credibility would a
seventeen-year-old hacker have in denying those sorts of allegations?
Zero. Par made a snap decision. He sidled up to a trash bin in a dark
corner. Scanning the scene warily, Par casually reached into the red
bag, pulled out the thick wad of Citibank card print-outs and stuffed
it into the bin. He fluffed a few stray pieces of garbage over the
top.
He worried about the computer disks with all his other valuable
hacking information. They represented thousands of hours of work and
he couldn't bring himself to throw it all away. The 10 megabyte
trophy. More than 4000 cards. 130000 different transactions. In the
end, he decided to hold on to the disks, regardless of the risk. At
least, without the print-out, he could crumple the bag up a bit and
make it a little less conspicuous. As Par slowly moved away from the
bin, he glanced back to check how nondescript the burial site appeared
from a distance. It looked like a pile of garbage. Trash worth
millions of dollars, headed for the dump.
As he boarded the bus to Salinas with his mother, Par's mind was
instantly flooded with images of a homeless person fishing the
print-out from the bin and asking someone about it. He tried to push
the idea from his head.
During the bus ride, Par attempted to figure out what he was going to
do. He didn't tell his mother anything. She couldn't even begin to
comprehend his world of computers and networks, let alone his current
predicament. Further, Par and his mother had suffered from a somewhat
strained relationship since he ran away from home not long after his
seventeenth birthday. He had been kicked out of school for
non-attendance, but had found a job tutoring students in computers at
the local college. Before the trip to Chicago, he had seen her just
once in six months. No, he couldn't turn to her for help.
The bus rolled toward the Salinas station. En route, it travelled down
the street where Par lived. He saw a jogger, a thin black man wearing
a walkman. What the hell is a jogger doing here, Par thought. No-one
jogged in the semi-industrial neighbourhood. Par's house was about the
only residence amid all the light-industrial buildings. As soon as the
jogger was out of sight of the house, he suddenly broke away from his
path, turned off to one side and hit the ground. As he lay on his
stomach on some grass, facing the house, he seemed to begin talking
into the walkman.
Sitting watching this on the bus, Par flipped out. They were out to
get him, no doubt about it. When the bus finally arrived at the depot
and his mother began sorting out their luggage, Par tucked the red bag
under his arm and disappeared. He found a pay phone and called Scott
to find out the status of things. Scott handed the phone to Chris,
another friend who lived in the house. Chris had been away at his
parents' home during the Thanksgiving raid.
`Hold tight and lay low,' Chris told Par.
`I'm on my way over to pick you up and take you to a lawyer's office
where you can get some sort of protection.'
A specialist in criminal law, Richard Rosen was born in New York but
raised in his later childhood in California. He had a personality
which reflected the steely stubbornness of a New Yorker, tempered with
the laid-back friendliness of the west coast. Rosen also harboured a
strong anti-authoritarian streak. He represented the local chapter of
Hell's Angels in the middle-class County of Monterey. He also caused a
splash representing the growing midwifery movement, which promoted
home-births. The doctors of California didn't like him much as a
result.
Par's room-mates met with Rosen after the raid to set things up for
Par's return. They told him about the terrifying ordeal of the Secret
Service raid, and how they were interrogated for an hour and a half
before being pressured to give statements. Scott, in particular, felt
that he had been forced to give a statement against Par under duress.
While Par talked to Chris on the phone, he noticed a man standing at
the end of the row of pay phones. This man was also wearing a walkman.
He didn't look Par in the eye. Instead, he faced the wall, glancing
furtively off to the side toward where Par was standing. Who was that
guy? Fear welled up inside Par and all sorts of doubts flooded his
mind. Who could he trust?
Scott hadn't told him about the raid. Were his room-mates in cahoots
the Secret Service? Were they just buying time so they could turn him
in? There was no-one else Par could turn to. His mother wouldn't
understand. Besides, she had problems of her own. And he didn't have a
father. As far as Par was concerned, his father was as good as dead.
He had never met the man, but he heard he was a prison officer in
Florida. Not a likely candidate for helping Par in this situation. He
was close to his grandparents--they had bought his computer for him as
a present--but they lived in a tiny Mid-Western town and they simply
wouldn't understand either.
Par didn't know what to do, but he didn't seem to have many options at
the moment, so he told Chris he would wait at the station for him.
Then he ducked around a corner and tried to hide.
A few minutes later, Chris pulled into the depot. Par dove into the
Toyota Landcruiser and Chris tore out of the station toward Rosen's
office. They noticed a white car race out of the bus station after
them.
While they drove, Par pieced together the story from Chris. No-one had
warned him about the raid because everyone in the house believed the
phone line was tapped. Telling Par while he was in Chicago might have
meant another visit from the Secret Service. All they had been able to
do was line up Rosen to help him.
Par checked the rear-view mirror. The white car was still following
them. Chris made a hard turn at the next intersection and accelerated
down the California speedway. The white car tore around the corner in
pursuit. No matter what Chris did, he couldn't shake the tail. Par sat
in the seat next to Chris, quietly freaking out.
Just 24 hours before, he had been safe and sound in Chicago. How did
he end up back here in California being chased by a mysterious driver
in a white car?
Chris tried his best to break free, swerving and racing. The white car
wouldn't budge. But Chris and Par had one advantage over the white
car; they were in a four-wheel drive. In a split-second decision,
Chris jerked the steering wheel to one side. The Landcruiser veered
off the road onto a lettuce field. Par gripped the inside of the door
as the 4WD bounced through the dirt over the neat crop rows. Near-ripe
heads of lettuce went flying out from under the tires. Half-shredded
lettuce leaves filled the air. A cloud of dirt enveloped the car. The
vehicle skidded and jerked, but finally made its way to a highway at
the far end of the field. Chris hit the highway running, swerving into
the lane at high speed.
When Par looked back, the white car had disappeared. Chris kept his
foot on the accelerator and Par barely breathed until the Landcruiser
pulled up in front of Richard Rosen's building.
Par leaped out, the red bag still clutched tightly under his arm, and
high-tailed it into the lawyer's office. The receptionist looked a bit
shocked when he said his name. Someone must have filled her in on the
details.
Rosen quickly ushered him into his office. Introductions were brief
and Par cut to the story of the chase. Rosen listened intently,
occasionally asking a well-pointed question, and then took control of
the situation.
The first thing they needed to do was call off the Secret Service
chase, Rosen said, so Par didn't have to spend any more time ducking
around corners and hiding in bus depots. He called the Secret
Service's San Francisco office and asked Special Agent Thomas J.
Holman to kill the Secret Service pursuit in exchange for an agreement
that Par would turn himself in to be formally charged.
Holman insisted that they had to talk to Par.
No, Rosen said. There would be no interviews for Par by law
enforcement agents until a deal had been worked out.
But the Secret Service needed to talk to Par, Holman insisted. They
could only discuss all the other matters after the Secret Service had
had a chance to talk with Par.
Rosen politely warned Holman not to attempt to contact his client. You
have something to say to Par, you go through me, he said. Holman did
not like that at all. When the Secret Service wanted to talk to
someone, they were used to getting their way. He pushed Rosen, but the
answer was still no. No no no and no again. Holman had made a mistake.
He had assumed that everyone wanted to do business with the United
States Secret Service.
When he finally realised Rosen wouldn't budge, Holman gave up. Rosen
then negotiated with the federal prosecutor, US Attorney Joe Burton,
who was effectively Holman's boss in the case, to call off the pursuit
in exchange for Par handing himself in to be formally charged.
Then Par gave Rosen his red bag, for safekeeping.
At about the same time, Citibank investigator Wallace and Detective
Porter of the Salinas Police interviewed Par's mother as she returned
home from the bus depot. She said that her son had moved out of her
home some six months before, leaving her with a $2000 phone bill she
couldn't pay. They asked if they could search her home. Privately, she
worried about what would happen if she refused. Would they tell the
office where she worked as a clerk? Could they get her fired? A simple
woman who had little experience dealing with law enforcement agents,
Par's mother agreed. The investigators took Par's disks and papers.
Par turned himself in to the Salinas Police in the early afternoon of
12 December. The police photographed and fingerprinted him before
handing him a citation--a small yellow slip headed `502 (c) (1) PC'.
It looked like a traffic ticket, but the two charges Par faced were
felonies, and each carried a maximum term of three years for a minor.
Count 1, for hacking into Citicorp Credit Services, also carried a
fine of up to $10000. Count 2, for `defrauding a telephone service',
had no fine: the charges were for a continuing course of conduct,
meaning that they applied to the same activity over an extended period
of time.
Federal investigators had been astonished to find Par was so young.
Dealing with a minor in the federal court system was a big hassle, so
the prosecutor decided to ask the state authorities to prosecute the
case. Par was ordered to appear in Monterey County Juvenile Court on
10 July 1989.
Over the next few months, Par worked closely with Rosen. Though Rosen
was a very adept lawyer, the situation looked pretty depressing.
Citibank claimed it had spent $30000 on securing its systems and Par
believed that the corporation might be looking for up to $3 million in
total damages. While they couldn't prove Par had made any money from
the cards himself, the prosecution would argue that his generous
distribution of them had led to serious financial losses. And that was
just the financial institutions.
Much more worrying was what might come out about Par's visits to TRW's
computers. The Secret Service had seized at least one disk with TRW
material on it.
TRW was a large, diverse company, with assets of $2.1 billion and
sales of almost $7 billion in 1989, nearly half of which came from the
US government. It employed more than 73000 people, many of who worked
with the company's credit ratings business. TRW's vast databases held
private details of millions of people--addresses, phone numbers,
financial data.
That, however, was just one of the company's many businesses. TRW also
did defence work--very secret defence work. Its Space and Defense
division, based in Redondo Beach, California, was widely believed to
be a major beneficiary of the Reagan Government's Star Wars budget.
More than 10 per cent of the company's employees worked in this
division, designing spacecraft systems, communications systems,
satellites and other, unspecified, space `instruments'.
The siezed disk had some mail from the company's TRWMAIL systems. It
wasn't particularly sensitive, mostly just company propaganda sent to
employees, but the Secret Service might think that where there was
smoke, there was bound to be fire. TRW did the kind of work that makes
governments very nervous when it comes to unauthorised access. And Par
had visited certain TRW machines; he knew that company had a missiles
research section, and even a space weapons section.
With so many people out to get him--Citibank, the Secret Service, the
local police, even his own mother had helped the other side--it was
only a matter of time before they unearthed the really secret things
he had seen while hacking. Par began to wonder if was such a good idea
for him to stay around for the trial.
In early 1989, when Theorem stepped off the plane which carried her
from Switzerland to San Francisco, she was pleased that she had
managed to keep a promise to herself. It wasn't always an easy
promise. There were times of intimacy, of perfect connection, between
the two voices on opposite sides of the globe, when it seemed so
breakable.
Meanwhile, Par braced himself. Theorem had described herself in such
disparaging terms. He had even heard from others on Altos that she was
homely. But that description had ultimately come from her anyway, so
it didn't really count.
Finally, as he watched the stream of passengers snake out to the
waiting area, he told himself it didn't matter anyway. After all, he
had fallen in love with her--her being, her essence--not her image as
it appeared in flesh. And he had told her so. She had said the same
back to him.
Suddenly she was there, in front of him. Par had to look up slightly
to reach her eyes, since she was a little more than an inch taller.
She was quite pretty, with straight, brown shoulder-length hair and
brown eyes. He was just thinking how much more attractive she was than
he had expected, when it happened.
Theorem smiled.
Par almost lost his balance. It was a devastating smile, big and
toothy, warm and genuine. Her whole face lit up with a fire of
animation. That smile sealed it.
She had kept her promise to herself. There was no clear image of Par
in her mind before meeting him in person. After meeting a few people
from Altos at a party in Munich the year before, she had tried not to
create images of people based on their on-line personalities. That way
she would never suffer disappointment.
Par and Theorem picked up her bags and got into Brian's car. Brian, a
friend who offered to play airport taxi because Par didn't have a car,
thought Theorem was pretty cool. A six-foot-tall French-speaking Swiss
woman. It was definitely cool. They drove back to Par's house. Then
Brian came in for a chat.
Brian asked Theorem all sorts of questions. He was really curious,
because he had never met anyone from Europe before. Par kept trying to
encourage his friend to leave but Brian wanted to know all about life
in Switzerland. What was the weather like? Did people ski all the
time?
Par kept looking Brian in the eye and then staring hard at the door.
Did most Swiss speak English? What other languages did she know? A lot
of people skied in California. It was so cool talking to someone from
halfway around the world.
Par did the silent chin-nudge toward the door and, at last, Brian got
the hint. Par ushered his friend out of the house. Brian was only
there for about ten minutes, but it felt like a year. When Par and
Theorem were alone, they talked a bit, then Par suggested they go for
a walk.
Halfway down the block, Par tentatively reached for her hand and took
it in his own. She seemed to like it. Her hand was warm. They talked a
bit more, then Par stopped. He turned to face her. He paused, and then
told her something he had told her before over the telephone,
something they both knew already.
Theorem kissed him. It startled Par. He was completely unprepared.
Then Theorem said the same words back to him.
When they returned to the house, things progressed from there. They
spent two and a half weeks in each other's arms--and they were
glorious, sun-drenched weeks. The relationship proved to be far, far
better in person than it had ever been on-line or on the telephone.
Theorem had captivated Par, and Par, in turn, created a state of bliss
in Theorem.
Par showed her around his little world in northern California. They
visited a few tourist sites, but mostly they just spent a lot of time
at home. They talked, day and night, about everything.
Then it was time for Theorem to leave, to return to her job and her
life in Switzerland. Her departure was hard--driving to the airport,
seeing her board the plane--it was heart-wrenching. Theorem looked
very upset. Par just managed to hold it together until the plane took
off.
For two and a half weeks, Theorem had blotted out Par's approaching
court case. As she flew away, the dark reality of the case descended
on him.
The fish liked to watch.
Par sat at the borrowed computer all night in the dark, with only the
dull glow of his monitor lighting the room, and the fish would all
swim over to the side of their tank and peer out at him. When things
were quiet on-line, Par's attention wandered to the eel and the lion
fish. Maybe they were attracted to the phosphorescence of the computer
screen. Whatever the reason, they certainly liked to hover there. It
was eerie.
Par took a few more drags of his joint, watched the fish some more,
drank his Coke and then turned his attention back to his computer.
That night, Par saw something he shouldn't have. Not the usual hacker
stuff. Not the inside of a university. Not even the inside of an
international bank containing private financial information about
Middle Eastern sheiks.
What he saw was information about some sort of killer spy
satellite--those are the words Par used to describe it to other
hackers. He said the satellite was capable of shooting down other
satellites caught spying, and he saw it inside a machine connected to
TRW's Space and Defense division network. He stumbled upon it much the
same way Force had accidentally found the CitiSaudi machine--through
scanning. Par didn't say much else about it because the discovery
scared the hell out of him.
Suddenly, he felt like the man who knew too much. He'd been in and out
of so many military systems, seen so much sensitive material, that he
had become a little blasé about the whole thing. The information was
cool to read but, God knows, he never intended to actually do anything
with it. It was just a prize, a glittering trophy testifying to his
prowess as a hacker. But this discovery shook him up, slapped him in
the face, made him realise he was exposed.
What would the Secret Service do to him when they found out? Hand him
another little traffic ticket titled `502C'? No way. Let him tell the
jury at his trial everything he knew? Let the newspapers print it? Not
a snowball's chance in hell.
This was the era of Ronald Reagan and George Bush, of space defence
initiatives, of huge defence budgets and very paranoid military
commanders who viewed the world as one giant battlefield with the evil
empire of the Soviet Union.
Would the US government just lock him up and throw away the key? Would
it want to risk him talking to other prisoners--hardened criminals who
knew how to make a dollar from that sort of information? Definitely
not.
That left just one option. Elimination.
It was not a pretty thought. But to the seventeen-year-old hacker it
was a very plausible one. Par considered what he could do and came up
with what seemed to be the only solution.
Run.
Chapter 4 -- The Fugitive.
There's one gun, probably more; and the others are pointing at our backdoor.
-- from `Knife's Edge', Bird Noises.
When Par failed to show up for his hearing on 10 July 1989 in the
Monterey County Juvenile Court in Salinas, he officially became a
fugitive. He had, in fact, already been on the run for some weeks. But
no-one knew. Not even his lawyer.
Richard Rosen had an idea something was wrong when Par didn't show up
for a meeting some ten days before the hearing, but he kept hoping his
client would come good. Rosen had negotiated a deal for Par:
reparations plus fifteen days or less in juvenile prison in exchange
for Par's full cooperation with the Secret Service.
Par had appeared deeply troubled over the matter for weeks. He didn't
seem to mind telling the Feds how he had broken into various
computers, but that's not what they were really looking for. They
wanted him to rat. And to rat on everyone. They knew Par was a kingpin
and, as such, he knew all the important players in the underground.
The perfect stooge. But Par couldn't bring himself to narc. Even if he
did spill his guts, there was still the question of what the
authorities would do to him in prison. The question of elimination
loomed large in his mind.
So, one morning, Par simply disappeared. He had planned it carefully,
packed his bags discreetly and made arrangements with a trusted friend
outside the circle which included his room-mates. The friend drove
around to pick Par up when the
room-mates were out. They never had an inkling that the now
eighteen-year-old Par was about to vanish for a very long time.
First, Par headed to San Diego. Then LA. Then he made his way to New
Jersey. After that, he disappeared from the radar screen completely.
Life on the run was hard. For the first few months, Par carried around
two prized possessions; an inexpensive laptop computer and photos of
Theorem taken during her visit. They were his lifeline to a different
world and he clutched them in his bag as he moved from one city to
another, often staying with his friends from the computer underground.
The loose-knit network of hackers worked a bit like the
nineteenth-century American `underground railroad' used by escaped
slaves to flee from the South to the safety of the northern states.
Except that, for Par, there was never a safe haven.
Par crisscrossed the continent, always on the move. A week in one
place. A few nights in another. Sometimes there were breaks in the
electronic underground railroad, spaces between the place where one
line ended and another began. Those breaks were the hardest. They
meant sleeping out in the open, sometimes in the cold, going without
food and being without anyone to talk to.
He continued hacking, with new-found frenzy, because he was
invincible. What were the law enforcement agencies going to do? Come
and arrest him? He was already a fugitive and he figured things
couldn't get much worse. He felt as though he would be on the run
forever, and as if he had already been on the run for a lifetime,
though it was only a few months.
When he was staying with people from the computer underground, Par was
careful. But when he was alone in a dingy motel room, or with people
completely outside that world, he hacked without fear. Blatant,
in-your-face feats. Things he knew the Secret Service would see. Even
his illicit voice mailbox had words for his pursuers:
Yeah, this is Par. And to all those faggots from the Secret Service
who keep calling and hanging up, well, lots of luck. 'Cause, I mean,
you're so fucking stupid, it's not even funny.
I mean, if you had to send my shit to Apple Computers [for analysis],
you must be so stupid, it's pitiful. You also thought I had
blue-boxing equipment [for phreaking]. I'm just laughing trying to
think what you thought was a blue box. You are so lame.
Oh well. And anyone else who needs to leave me a message, go ahead.
And everyone take it easy and leave me some shit. Alright. Later.
Despite the bravado, paranoia took hold of Par as it never had before.
If he saw a cop across the street, his breath would quicken and he
would turn and walk in the opposite direction. If the cop was heading
toward him, Par crossed the street and turned down the nearest alley.
Police of any type made him very nervous.
By the autumn of 1989, Par had made his way to a small town in North
Carolina. He found a place to stop and rest with a friend who used the
handle The Nibbler and whose family owned a motel. A couple of weeks
in one place, in one bed, was paradise. It was also free, which meant
he didn't have to borrow money from Theorem, who helped him out while
he was on the run.
Par slept in whatever room happened to be available that night, but he
spent most of his time in one of the motel chalets Nibbler used in the
off-season as a computer room. They spent days hacking from Nibbler's
computer. The fugitive had been forced to sell off his inexpensive
laptop before arriving in North Carolina.
After a few weeks at the motel, however, he couldn't shake the feeling
that he was being watched. There were too many strangers coming and
going. He wondered if the hotel guests waiting in their cars were
spying on him, and he soon began jumping at shadows. Perhaps, he
thought, the Secret Service had found him after all.
Par thought about how he could investigate the matter in more depth.
One of The Atlanta Three hackers, The Prophet, called Nibbler
occasionally to exchange hacking information, particularly security
bugs in Unix systems. During one of their talks, Prophet told Par
about a new security flaw he'd been experimenting with on a network
that belonged to the phone company.
The Atlanta Three, a Georgia-based wing of The Legion of Doom, spent a
good deal of time weaving their way through BellSouth, the phone
company covering the south-eastern US. They knew about phone switching
stations the way Par knew about Tymnet. The Secret Service had raided
the hackers in July 1989 but had not arrested them yet, so in
September The Prophet continued to maintain an interest in his
favourite target.
Par thought the flaw in BellSouth's network sounded very cool and
began playing around in the company's systems. Dial up the company's
computer network, poke around, look at things. The usual stuff.
It occurred to Par that he could check out the phone company's records
of the motel to see if there was anything unusual going on. He typed
in the motel's main phone number and the system fed back the motel's
address, name and some detailed technical information, such as the
exact cable and pair attached to the phone number. Then he looked up
the phone line of the computer chalet. Things looked odd on that line.
The line which he and Nibbler used for most of their hacking showed a
special status: `maintenance unit on line'.
What maintenance unit? Nibbler hadn't mentioned any problems with any
of the motel's lines, but Par checked with him. No problems with the
telephones.
Par felt nervous. In addition to messing around with the phone
company's networks, he had been hacking into a Russian computer
network from the computer chalet. The Soviet network was a shiny new
toy. It had only been connected to the rest of the world's global
packet-switched network for about a month, which made it particularly
attractive virgin territory.
Nibbler called in a friend to check the motel's phones. The friend, a
former telephone company technician turned freelancer, came over to
look at the equipment. He told Nibbler and Par that something weird
was happening in the motel's phone system. The line voltages were way
off.
Par realised instantly what was going on. The system was being
monitored. Every line coming in and going out was probably being
tapped, which meant only one thing. Someone--the phone company, the
local police, the FBI or the Secret Service--was onto him.
Nibbler and Par quickly packed up all Nibbler's computer gear, along
with Par's hacking notes, and moved to another motel across town. They
had to shut down all their hacking activities and cover their tracks.
Par had left programs running which sniffed people's passwords and
login names on a continual basis as they logged in, then dumped all
the information into a file on the hacked machine. He checked that
file every day or so. If he didn't shut the programs down, the log
file would grow until it was so big the system administrator would
become curious and have a look. When he discovered that his system had
been hacked he would close the security holes. Par would have problems
getting back into that system.
After they finished tidying up the hacked systems, they gathered up
all Par's notes and Nibbler's computer equipment once again and
stashed them in a rented storage space. Then they drove back to the
motel.
Par couldn't afford to move on just yet. Besides, maybe only the
telephone company had taken an interest in the motel's phone system.
Par had done a lot of poking and prodding of the telecommunications
companies' computer systems from the motel phone, but he had done it
anonymously. Perhaps BellSouth felt a little curious and just wanted
to sniff about for more information. If that was the case, the law
enforcement agencies probably didn't know that Par, the fugitive, was
hiding in the motel.
The atmosphere was becoming oppressive in the motel. Par became even
more watchful of the people coming and going. He glanced out the front
window a little more often, and he listened a little more carefully to
the footsteps coming and going. How many of the guests were really
just tourists? Par went through the guest list and found a man
registered as being from New Jersey. He was from one of the AT&T
corporations left after the break-up of Bell Systems. Why on earth
would an AT&T guy be staying in a tiny hick town in North Carolina?
Maybe a few Secret Service agents had snuck into the motel and were
watching the chalet.
Par needed to bring the paranoia under control. He needed some fresh
air, so he went out for a walk. The weather was bad and the wind blew
hard, whipping up small tornadoes of autumn leaves. Soon it began
raining and Par sought cover in the pay phone across the street.
Despite having been on the run for a few months, Par still called
Theorem almost every day, mostly by phreaking calls through bulk
telecommunications companies. He dialled her number and they talked
for a bit. He told her about how the voltage was way off on the
motel's PABX and how the phone might be tapped. She asked how he was
holding up. Then they spoke softly about when they might see each
other again.
Outside the phone box, the storm worsened. The rain hammered the roof
from one side and then another as the wind jammed it in at strange
angles. The darkened street was deserted. Tree branches creaked under
the strain of the wind. Rivulets rushed down the leeward side of the
booth and formed a wall of water outside the glass. Then a trash bin
toppled over and its contents flew onto the road.
Trying to ignore to the havoc around him, Par curled the phone handset
into a small protected space, cupped between his hand, his chest and a
corner of the phone booth. He reminded Theorem of their time together
in California, of two and a half weeks, and they laughed gently over
intimate secrets.
A tree branch groaned and then broke under the force of the wind. When
it crashed on the pavement near the phone booth, Theorem asked Par
what the noise was.
`There's a hurricane coming,' he told her. `Hurricane Hugo. It was
supposed to hit tonight. I guess it's arrived.'
Theorem sounded horrified and insisted Par go back to the safety of
the motel immediately.
When Par opened the booth door, he was deluged by water. He dashed
across the road, fighting the wind of the hurricane, staggered into his
motel room and jumped into bed to warm up. He fell asleep listening to
the storm, and he dreamed of Theorem.
Hurricane Hugo lasted more than three days, but they felt like the
safest three days Par had spent in weeks. It was a good bet that the
Secret Service wouldn't be conducting any raids during a hurricane.
South Carolina took the brunt of Hugo but North Carolina also suffered
massive damage. It was one of the worst hurricanes to hit the area in
decades. Winds near its centre reached more than 240 kilometres per
hour, causing 60 deaths and $7 billion in damages as it made its way
up the coast from the West Indies to the Carolinas.
When Par stepped outside his motel room one afternoon a few days after
the storm, the air was fresh and clean. He walked to the railing
outside his second-storey perch and found himself looking down on a
hive of activity in the car park. There were cars. There was a van.
There was a collection of spectators.
And there was the Secret Service.
At least eight agents wearing blue jackets with the Secret Service
emblem on the back.
Par froze. He stopped breathing. Everything began to move in slow
motion. A few of the agents formed a circle around one of the guys
from the motel, a maintenance worker named John, who looked vaguely
like Par. They seemed to be hauling John over the coals, searching his
wallet for identification and quizzing him. Then they escorted him to
the van, presumably to run his prints.
Par's mind began moving again. He tried to think clearly. What was the
best way out? He had to get back into his room. It would give him some
cover while he figured out what to do next. The photos of Theorem
flashed through his mind. No way was he going to let the Secret
Service get hold of those. He needed to stash them and fast.
He could see the Secret Service agents searching the computer chalet.
Thank God he and Nibbler had moved all the equipment. At least there
was nothing incriminating in there and they wouldn't be able to seize
all their gear.
Par breathed deeply, deliberately, and forced himself to back away
from the railing toward the door to his room. He resisted the urge to
dash into his room, to recoil from the scene being played out below
him. Abrupt movements would draw the agents' attention.
Just as Par began to move, one of the agents turned around. He scanned
the two-storey motel complex and his gaze quickly came to rest on Par.
He looked Par dead in the eye.
This is it, Par thought. I'm screwed. No way out of here now. Months
on the run only to get done in a hick town in North Carolina. These
guys are gonna haul my ass away for good. I'll never see the light of
day again. Elimination is the only option.
While these thoughts raced through Par's mind, he stood rigid, his
feet glued to the cement floor, his face locked into the probing gaze
of the Secret Service agent. He felt like they were the only two
people who existed in the universe.
Then, inexplicably, the agent looked away. He swivelled around to
finish his conversation with another agent. It was as if he had never
even seen the fugitive.
Par stood, suspended and unbelieving. Somehow it seemed impossible. He
began to edge the rest of the way to his motel room. Slowly, casually,
he slid inside and shut the door behind him.
His mind raced back to the photos of Theorem and he searched the room
for a safe hiding place. There wasn't one. The best option was
something above eye-level. He pulled a chair across the room, climbed
on it and pressed on the ceiling. The rectangular panel of
plasterboard lifted easily and Par slipped the photos in the space,
then replaced the panel. If the agents tore the room apart, they would
likely find the pictures. But the photos would probably escape a quick
search, which was the best he could hope for at this stage.
Next, he turned his mind to escaping. The locals were pretty cool
about everything, and Par thought he could count on the staff not to
mention his presence to the Secret Service. That bought him some time,
but he couldn't get out of the room without being seen. Besides, if he
was spotted walking off the property, he would certainly be stopped
and questioned.
Even if he did manage to get out of the motel grounds, it wouldn't
help much. The town wasn't big enough to shield him from a thorough
search and there was no-one there he trusted enough to hide him. It
might look a little suspicious, this young man running away from the
motel on foot in a part of the world where everyone travelled by car.
Hitchhiking was out of the question. With his luck, he'd probably get
picked up by one of the agents leaving the raid. No, he wanted a more
viable plan. What he really needed was to get out of the area
altogether, to flee the state.
Par knew that John travelled to Asheville to attend classes and that
he left very early. If the authorities had been watching the motel for
a while, they would know that his 5 a.m. departure was normal. And
there was one other thing about the early departure which seemed
promising. It was still dark at that hour.
If Par could get as far as Asheville, he might be able to get a lift
to Charlotte, and from there he could fly somewhere far away.
Par considered the options again and again. Hiding out in the motel
room seemed the most sensible thing to do. He had been moving rooms
around the motel pretty regularly, so he might have appeared to be
just another traveller to anyone watching the motel. With any luck the
Secret Service would be concentrating their search on the chalet,
ripping the place apart in a vain hunt for the computer equipment. As
these thoughts went through his head, the phone rang, making Par jump.
He stared at it, wondering whether to answer.
He picked it up.
`It's Nibbler,' a voice whispered.
`Yeah,' Par whispered back.
`Par, the Secret Service is here, searching the motel.'
`I know. I saw them.'
`They've already searched the room next to yours.' Par nearly died.
The agents had been less than two metres from where he was standing
and he hadn't even known it. That room was where John stayed. It was
connected to his by an inner door, but both sides were locked.
`Move into John's room and lay low. Gotta go.' Nibbler hung up
abruptly.
Par put his ear to the wall and listened. Nothing. He unlocked the
connecting inner door, turned the knob and pressed lightly. It gave.
Someone had unlocked the other side after the search. Par squinted
through the crack in the door. The room was silent and still. He
opened it--no-one home. Scooping up his things, he quickly moved into
John's room.
Then he waited. Pacing and fidgeting, he strained his ears to catch
the sounds outside. Every bang and creak of a door opening and closing
set him on edge. Late that night, after the law enforcement officials
had left, Nibbler called him on the house phone and told him what had
happened.
Nibbler had been inside the computer chalet when the Secret Service
showed up with a search warrant. The agents took names, numbers, every
detail they could, but they had trouble finding any evidence of
hacking. Finally, one of them emerged from the chalet triumphantly
waving a single computer disk in the air. The law enforcement
entourage hanging around in front of the chalet let out a little
cheer, but Nibbler could hardly keep a straight face. His younger
brother had been learning the basics of computer graphics with a
program called Logo. The United States Secret Service would soon be
uncovering the secret drawings of a primary school student.
Par laughed. It helped relieve the stress. Then he told Nibbler his
escape plan, and Nibbler agreed to arrange matters. His parents didn't
know the whole story, but they liked Par and wanted to help him. Then
Nibbler wished his friend well.
Par didn't even try to rest before his big escape. He was as highly
strung as a racehorse at the gate. What if the Secret Service was
still watching the place? There was no garage attached to the main
motel building which he could access from the inside. He would be
exposed, even though it would only be for a minute or so. The night
would provide reasonable cover, but the escape plan wasn't fool-proof.
If agents were keeping the motel under observation from a distance
they might miss him taking off from his room. On the other hand, there
could be undercover agents posing as guests watching the entire
complex from inside their room.
Paranoid thoughts stewed in Par's mind throughout the night. Just
before 5 a.m., he heard John's car pull up outside. Par flicked off
the light in his room, opened his door a crack and scanned the motel
grounds. All quiet, bar the single car, which puffed and grunted in
the still, cold air. The windows in most of the buildings were dark.
It was now or never.
Par opened the door all the way and slipped down the hallway. As he
crept downstairs, the pre-dawn chill sent a shiver down his spine.
Glancing quickly from side to side, he hurried toward the waiting car,
pulled the back door open and dove onto the seat. Keeping his head
down, he twisted around, rolled onto the floor and closed the door
with little more than a soft click.
As the car began to move. Par reached for a blanket which had been
tossed on the floor and pulled it over himself. After a while, when
John told him they were safely out of the town, Par slipped the
blanket off his face and he looked up at the early morning sky. He
tried to get comfortable on the floor. It was going to be a long ride.
At Asheville, John dropped Par off at an agreed location. Par thanked
him and hopped into a waiting car. Someone else from his extensive
network of friends and acquaintances took him to Charlotte.
This time Par rode in the front passenger seat. For the first time, he
saw the true extent of the damage wreaked by Hurricane Hugo. The small
town where he had been staying had been slashed by rain and high
winds, but on the way to the Charlotte airport, where he would pick up
a flight to New York, Par watched the devastation with amazement. He
stared out the car window, unable to take his eyes off the storm's
trail of havoc.
The hurricane had swept up anything loose or fragile and turned it
into a missile on a suicide mission. Whatever mangled, broken
fragments remained after the turbulent winds had passed would have
been almost unrecognisable to those who had seen them before.
Theorem worried about Par as he staggered from corner to corner of the
continent. In fact, she had often asked him to consider giving himself
up. Moving from town to town was taking its toll on Par, and it wasn't
that much easier on Theorem. She hadn't thought going on the lam was
such a great idea in the first place, and she offered to pay for his
lawyer so he could stop running. Par declined. How could he hand
himself in when he believed elimination was a real possibility?
Theorem sent him money, since he had no way of earning a living and he
needed to eat. The worst parts, though, were the dark thoughts that
kept crossing her mind. Anything could happen to Par between phone
calls. Was he alive? In prison? Had he been raided, even accidentally
shot during a raid?
The Secret Service and the private security people seemed to want him
so badly. It was worrying, but hardly surprising. Par had embarrassed
them. He had broken into their machines and passed their private
information around in the underground. They had raided his home when
he wasn't even home. Then he had escaped a second raid, in North
Carolina, slipping between their fingers. He was constantly in their
face, continuing to hack blatantly and to show them contempt in things
such as his voicemail message. He figured they were probably
exasperated from chasing all sorts of false leads as well, since he
was perpetually spreading fake rumours about his whereabouts. Most of
all, he thought they knew what he had seen inside the TRW system. He
was a risk.
Par became more and more paranoid, always watching over his shoulder
as he moved from city to city. He was always tired. He could never
sleep properly, worrying about the knock on the door. Some mornings,
after a fitful few hours of rest, he woke with a start, unable to
remember where he was. Which house or motel, which friends, which
city.
He still hacked all the time, borrowing machines where he could. He
posted messages frequently on The Phoenix Project, an exclusive BBS
run by The Mentor and Erik Bloodaxe and frequented by LOD members and
the Australian hackers. Some well-known computer security people were
also invited onto certain, limited areas of the Texas-based board,
which immediately elevated the status of The Phoenix Project in the
computer underground. Hackers were as curious about the security
people as the security people were about their prey. The Phoenix
Project was special because it provided neutral ground, where both
sides could meet to exchange ideas.
Via the messages, Par continued to improve his hacking skills while
also talking with his friends, people like Erik Bloodaxe, from Texas,
and Phoenix, from The Realm in Melbourne. Electron also frequented The
Phoenix Project. These hackers knew Par was on the run, and sometimes
they joked with him about it. The humour made the stark reality of
Par's situation bearable. All the hackers on The Phoenix Project had
considered the prospect of being caught. But the presence of Par, and
his tortured existence on the run, hammered the implications home with
some regularity.
As Par's messages became depressed and paranoid, other hackers tried
to do what they could to help him. Elite US and foreign hackers who
had access to the private sections of The Phoenix Project saw his
messages and they felt for him. Yet Par continued to slide deeper and
deeper into his own strange world.
Subject: DAMN !!!
From: The Parmaster
Date: Sat Jan 13 08:40:17 1990
Shit, i got drunk last night and went onto that Philippine system...
Stupid Admin comes on and asks who i am ...
Next thing i know, i'm booted off and both accounts on the system are gone.
Not only this .. but the
whole fucking Philippine Net isn't accepting collect calls anymore. (The thing
went down completely after i was booted off!)
Apparently someone there
had enough of me.
By the way, kids, never
drink and hack!
- Par
Subject: gawd
From: The Parmaster
Date: Sat Jan 13 09:07:06 1990
Those SS boys and NSA boys think i'm a COMRADE .. hehehe i'm just glad
i'm still fucking free.
Bahahaha
<Glastnost and all that happy horseshit>
- Par
Subject: The Bottom line.
From: The Parmaster
Date: Sun Jan 21 10:05:38 1990
The bottom line is a crackdown. The phrack boys were just the start,
i'm sure of it.
This is the time to watch yourself. No matter what you are into,
whether it's just codes, cards, etc.
Apparently the government has seen the last straw. Unfortunately, with
all of this in the news now, they will be able to get more government
money to combat hackers.
And that's BAD fucking news for us. I think they are going after all
the `teachers'--the people who educate others into this sort of thing.
I wonder if they think that maybe these remote cases are linked in any
way. The only way they canprobably see is that we are hackers. And
so that is where their energies will be put. To stop ALL hackers--and
stop them BEFORE they can become a threat. After they wipe out the
educators, that is. Just a theory.
- Par
Subject: Connection
From: The Parmaster
Date: Sun Jan 21 10:16:11 1990
Well, the only connection is disconnection, as Gandalf [a British
hacker] would say.
That's what i'm putting
on my epitaph.
THE ONLY CONNECTION IS
DISCONNECTION ...
Oh well, maybe i'll take
a few of the buggers with me when they come for me.
- Par
Subject: Oh well.
From: The Parmaster
Date: Tue Jan 23 19:30:05 1990
`And now, the end is near. I've traveled each and every byway ...' in
the words of the King. Oh well. Who cares? He was a fat shit before he
died anyway.
To everyone who's been a good friend of mine and help me cover up the
fact that i don't know a fucking thing--i thank u. And to everyone
else, take it easy and hang tough.
i was temporarily insane at the time
See you smart guys at the funny farm.
- Par
Subject: Par
From: Erik Bloodaxe
Date: Tue Jan 23 23:21:39 1990
Shit man, don't drink and think about things like that. It's not
healthy, mentally or physically.
Come to Austin, Texas.
We'll keep you somewhere until we can get something worked out for
you.
A year in minimum security (Club Fed) is better then chucking a whole
life. Hell, you're 19!! I have discarded the `permanent' solution for
good. Dead people can't get laid, but people in federal prisons DO get
conjugal visits!!!
Think of
Theorem.
Call over here at whatever time you read this ... I can see you are
really getting worried, so just fucking call ...
- Erik
Subject: Hah
From: The Parmaster
Date: Thu Jan 25 18:58:00 1990
Just keep in mind they see everything you do. Believe me. I know.
- Par
Subject: Well shit.
From: The Parmaster
Date: Mon Jan 29 15:45:05 1990
It's happening soon guys.
I wish i could have bought more time. And worked out a deal. But
nada. They are nearby now.
I can tell which cars are theirs driving by outside. This is the
weirdest case of Deja vu i've ever had.
Anyway got an interesting call today. It was from Eddie, one of the
Bell systems computers.
It was rather fantasy like ... Probably just his way of saying
`Goodbye'. Eddie was a good friend, smartest damn UNIX box around ...
And he called today to tell me goodbye.
Now i know i'm fucked. Thanks, Eddie, it's been real. (whoever you
are) `ok eddie, this one's for you'
Much Later,
- Par
Subject: Par
From: Erik Bloodaxe
Date: Mon Jan 29 19:36:38 1990
Buddy, Par, you are over the edge ... lay off the weed. Not everyone
with glasses and dark suits are Feds. Not all cars with generic
hubcaps are government issue.
Well, hell, I don't know what the hell `Eddie' is, but that's a real
bizarre message you left.
Fly to Austin ... like tomorrow ... got plenty of places to stash you
until things can be smoothed out for a calm transition.
- Erik
Subject: eehh...
From: Phoenix [from Australia]
Date: Tue Jan 30 07:25:59 1990
hmmmmmmmm...
<wonders real REAL thoughtufully> [sic]
<and turns up a blank...>
what is young Par up to?
Subject: Par and Erik
From: Daneel Olivaw
Date: Mon Jan 29 21:10:00 1990
Erik, you aren't exactly the best person to be stashing people are
you?
Subject: You know you are screwed when.
From: The Parmaster
Date: Wed Jan 31 14:26:04 1990
You know you are screwed
when:
When surveyers survey
your neighbors regularly, and wear sunglasses when it's like 11 degrees
farenheit and cloudy as hell out.
When the same cars keep
driving by outside day and night. (I've been thinking about providing coffee an
d
doughnuts).
- Par
Subject: heh, Par
From: The Mentor
Date: Wed Jan 31 16:37:04 1990
Ummm. I wear sunglasses when it's 11 degrees and cloudy ... so you can
eliminate that one. :-)
Subject: Hmm, Par
From: Phoenix
Date: Thu Feb 01 10:22:46 1990
At least you arent getting shot at.
Subject: Par, why don't you ...
From: Ravage
Date: Thu Feb 01 10:56:04 1990
Why not just go out and say `hi' to the nice gentleman? If i kept
seeing the same people tooling around my neighborhood, i would
actively check them out if they seemed weird.
Subject: Par, jump 'em
From: Aston Martin
Date: Tue Feb 06 18:04:55 1990
What you could do is go out to one of the vans sitting in the street
(you know, the one with the two guys sitting in it all day) with a
pair of jumper cables. Tell them you've seen them sitting there all
day and you thought they were stuck. Ask them if they need a jump.
- Aston
Between these strange messages, Par often posted comments on technical
matters. Other hackers routinely asked him questions about X.25
networks. Unlike some hackers, Par almost always offered some help. In
fact, he believed that being `one of the teachers' made him a
particular target. But his willingness to teach others so readily,
combined with his relatively humble, self-effacing demeanour, made Par
popular among many hackers. It was one reason he found so many places
to stay.
Spring arrived, brushing aside a few of the hardships of a winter on
the run, then summer. Par was still on the run, still dodging the
Secret Service's national hunt for the fugitive. By autumn, Par had
eluded law enforcement officials around the United States for more
than a year. The gloom of another cold winter on the run sat on the
horizon of Par's future, but he didn't care. Anything, everything was
bearable. He could take anything Fate would dish up because he had
something to live for.
Theorem was coming to visit him again.
When Theorem arrived in New York in early 1991, the weather was
bitterly cold. They travelled to Connecticut, where Par was staying in
a share-house with friends.
Par was nervous about a lot of things, but mostly about whether things
would be the same with Theorem. Within a few hours of her arrival, his
fears were assuaged. Theorem felt as passionately about him as she had
in California more than twelve months before. His own feelings were
even stronger. Theorem was a liferaft of happiness in the growing
turmoil of his life.
But things were different in the outside world. Life on the run with
Theorem was grim. Constantly dependent on other people, on their
charity, they were also subject to their petty whims.
A room-mate in the share-house got very drunk one night and picked a
fight with one of Par's friends. It was a major row and the friend
stormed out. In a fit of intoxicated fury, the drunk threatened to
turn Par in to the authorities. Slurring his angry words, he announced
he was going to call the FBI, CIA and Secret Service to tell them all
where Par was living.
Par and Theorem didn't want to wait around to see if the drunk would
be true to his word. They grabbed their coats and fled into the
darkness. With little money, and no place else to stay, they walked
around for hours in the blistering, cold wind. Eventually they decided
they had no choice but to return to the house late at night, hopefully
after the drunk had fallen asleep.
They sidled up to the front of the house, alert and on edge. It was
quite possible the drunk had called every law enforcement agency his
blurry mind could recall, in which case a collection of agents would
be lying in wait. The street was deadly quiet. All the parked cars
were deserted. Par peered in a darkened window but he couldn't see
anything. He motioned for Theorem to follow him into the house.
Though she couldn't see Par's face, Theorem could feel his tension.
Most of the time, she revelled in their closeness, a proximity which
at times seemed to border on telepathy. But at this moment, the
extraordinary gift of empathy felt like a curse. Theorem could feel
Par's all-consuming paranoia, and it filled her with terror as they
crept through the hall, checking each room. Finally they reached Par's
room, expecting to find two or three Secret Service agents waiting
patiently for them in the dark.
It was empty.
They climbed into bed and tried to get some sleep, but Theorem lay
awake in the dark for a little while, thinking about the strange and
fearful experience of returning to the house. Though she spoke to Par
on the phone almost every day when they were apart, she realised she
had missed something.
Being on the run for so long had changed Par.
Some time after she returned to Switzerland, Theorem's access to Altos
shrivelled up and died. She had been logging in through her old
university account but the university eventually killed her access
since she was no longer a student. Without access to any X.25 network
linked to the outside world, she couldn't logon to Altos. Although she
was never involved with hacking, Theorem had become quite addicted to
Altos. The loss of access to the Swiss X.25 network--and therefore to
Altos--left her feeling very depressed. She told Par over the
telephone, in sombre tones.
Par decide to make a little present for Theorem. While most hackers
broke into computers hanging off the X.25 networks, Par broke into the
computers of the companies which ran the X.25 networks. Having control
over the machines owned by Telenet or Tymnet was real power. And as the
master of X.25 networks, Par could simply create a special account--just
for Theorem--on Tymnet.
When Par finished making the account, he leaned back in his chair
feeling pretty pleased with himself.
Account name: Theorem.
Password: ParLovesMe!
Well, thought Par, she's going to have to type that in every time she
gets on the Tymnet network. Altos might be filled with the world's
best hackers, and they might even try to flirt with Theorem, but
she'll be thinking of me every time she logs on, he thought.
Par called her on the telephone and gave her his special present. When
he told her the password to her new account, Theorem laughed. She
thought it was sweet.
And so did the MOD boys.
Masters of Deception, or Destruction--it depended on who told the
story--was a New York-based gang of hackers. They thought it would be
cool to hack Altos. It wasn't that easy to get Altos shell access,
which Theorem had, and most people had to settle for using one of the
`guest' accounts. But it was much easier to hack Altos from a shell
account than from a `guest' account. Theorem's account would be the
targeted jump-off point.
How did MOD get Theorem's Altos password? Most probably they were
watching one of the X.25 gateways she used as she passed through
Tymnet on her way to Altos. Maybe the MOD boys sniffed her password en
route. Or maybe they were watching the Tymnet security officials who
were watching that gateway.
In the end it didn't matter how MOD got Theorem's password on Altos.
What mattered was that they changed her password. When Theorem
couldn't get into Altos she was beside herself. She felt like a junkie
going cold turkey. It was too much. And of course she couldn't reach
Par. Because he was on the run, she had to wait for him to call her.
In fact she couldn't reach any of her other friends on Altos to ask
for help. How was she going to find them? They were all hackers. They
chose handles so no-one would know their real names.
What Theorem didn't know was that, not only had she lost access to
Altos, but the MOD boys were using her account to hack the Altos
system. To the outside world it appeared as though she was doing it.
Theorem finally managed to get a third-hand message to Gandalf, a
well-known British hacker. She sought him out for two reasons. First,
he was a good friend and was therefore likely to help her out. Second,
Gandalf had root access on Altos, which meant he could give her a new
password or account.
Gandalf had established quite a reputation for himself in the computer
underground through the hacking group 8lgm--The Eight-Legged Groove
Machine, named after a British band. He and his friend, fellow British
hacker Pad, had the best four legs in the chorus line. They were a
world-class act, and certainly some of the best talent to come out of
the British hacking scene. But Gandalf and, to a lesser extent, Pad
had also developed a reputation for being arrogant. They rubbed some
of the American hackers the wrong way. Not that Pad and Gandalf seemed
to care. Their attitude was: We're good. We know it. Bugger off.
Gandalf disabled Theorem's account on Altos. He couldn't very well
just change the password and then send the new one through the
extended grapevine that Theorem had used to get a message through to
him. Clearly, someone had targeted her account specifically. No way
was he going to broadcast a new password for her account throughout
the underground. But the trouble was that neither Par nor Theorem knew
what Gandalf had done.
Meanwhile, Par called Theorem and got an earful. An angry Par vowed to
find out just who the hell had been messing with her account.
When the MOD boys told Par they were the culprits, he was a bit
surprised because he had always been on good terms with them. Par told
them how upset Theorem had been, how she gave him an earful. Then an
extraordinary thing happened. Corrupt, the toughest, baddest guy in
MOD, the black kid from the roughest part of New York, the hacker who
gave shit to everyone because he could, apologised to Par.
The MOD guys never apologised, even when they knew they were in the
wrong. Apologies never got anyone very far on a New York City street.
It was an attitude thing. `I'm sorry, man' from Corrupt was the
equivalent of a normal person licking the mud from the soles of your
shoes.
The new password was: M0Dm0dM0D. That's the kind of guys they were.
Par was just signing off to try out the new password when Corrupt
jumped in.
`Yeah, and ah, Par, there's something you should know.'
`Yeah?' Par answered, anxious to go.
`I checked out her mail. There was some stuff in it.'
Theorem's letters? Stuff? `What kind of stuff?' he asked.
`Letters from Gandalf.'
`Yeah?'
`Friendly letters. Real friendly.'
Par wanted to know, but at the same time, he didn't. He could have
arranged root access on Altos long ago if he'd really wanted it. But
he didn't. He didn't want it because it would mean he could access
Theorem's mail. And Par knew that if he could, he would. Theorem was
popular on Altos and, being the suspicious type, Par knew he would
probably take something perfectly innocent and read it the wrong way.
Then he would get in a fight with Theorem, and their time together was
too precious for that.
`Too friendly,' Corrupt went on. It must have been hard for him to
tell Par. Snagging a friend's girlfriend's password and breaking into
her account was one thing. There wasn't much wrong with that. But
breaking that kind of news, well, that was harsh. Especially since
Corrupt had worked with Gandalf in 8lgm.
`Thanks,' Par said finally. Then he took off.
When Par tried out the MOD password, it didn't work of course, because
Gandalf had disabled the account. But Par didn't know that. Finding
out that Theorem's account was disabled didn't bother him, but
discovering who disabled it for her didn't make Par all that happy.
Still, when he confronted Theorem, she denied that anything was going
on between her and Gandalf.
What could Par do? He could believe Theorem or he could doubt her.
Believing her was hard, but doubting her was painful. So he chose to
believe her.
The incident made Theorem take a long look at Altos. It was doing bad
things to her life. In the days that she was locked out of the German
chat system, she had made the unpleasant discovery that she was
completely addicted. And she didn't like it at all. Staring at her
life with fresh eyes, she realised she had been ignoring her friends
and her life in Switzerland. What on earth was she doing, spending
every night in front of a computer screen?
So Theorem made a tough decision.
She decided to stop using Altos forever.
Bad things seemed to happen to The Parmaster around Thanksgiving.
In late November 1991, Par flew up from Virginia Beach to New York. An
acquaintance named Morty Rosenfeld, who hung out with the MOD hackers
a bit, had invited him to come for a visit. Par thought a trip to the
City would do him good.
Morty wasn't exactly Par's best friend, but he was all right. He had
been charged by the Feds a few months earlier for selling a password
to a credit record company which resulted in credit card fraud. Par
didn't go in for selling passwords, but to each his own. Morty wasn't
too bad in the right dose. He had a place on Coney Island, which was
hardly the Village in Manhattan, but close enough, and he had a
fold-out sofa bed. It beat sleeping on the floor somewhere else.
Par hung out with a Morty and a bunch of his friends, drinking and
goofing around on Morty's computer.
One morning, Par woke up with a vicious hangover. His stomach was
growling and there was nothing edible in the fridge, so he rang up and
ordered pork fried rice from a Chinese take-away. Then he threw on
some clothes and sat on the end of the sofa-bed, smoking a cigarette
while he waited. He didn't start smoking until he was nineteen, some
time late into his second year on the run. It calmed his nerves.
There was a knock at the front door. Par's stomach grumbled in
response. As he walked toward the front door, he thought Pork Fried
Rice, here I come. But when Par opened the front door, there was
something else waiting for him.
The Secret Service.
Two men. An older, distinguished gentleman standing on the left and a
young guy on the right. The young guy's eyes opened wide when he saw
Par.
Suddenly, the young guy pushed Par, and kept pushing him. Small, hard,
fast thrusts. Par couldn't get his balance. Each time he almost got
his footing, the agent shoved the hacker backward again until he
landed against the wall. The agent spun Par around so his face pressed
against the wall and pushed a gun into his kidney. Then he slammed
handcuffs on Par and started frisking him for weapons.
Par looked at Morty, now sobbing in the corner, and thought, You
narced on me.
Once Par was safely cuffed, the agents flashed their badges to him.
Then they took him outside, escorted him into a waiting car and drove
into Manhattan. They pulled up in front of the World Trade Center and
when Par got out the young agent swapped the cuffs so Par's hands were
in front of him.
As the agents escorted the handcuffed fugitive up a large escalator,
the corporate world stared at the trio. Business men and women in prim
navy suits, secretaries and office boys all watched wide-eyed from the
opposite escalator. And if the handcuffs weren't bad enough, the
younger Secret Service agent was wearing a nylon jacket with a
noticeable gun-shaped lump in the front pouch.
Why are these guys bringing me in the front entrance? Par kept
thinking. Surely there must be a backdoor, a car park back entrance.
Something not quite so public.
The view from any reasonably high floor of the World Trade Center is
breathtaking, but Par never got a chance to enjoy the vista. He was
hustled into a windowless room and handcuffed to a chair. The agents
moved in and out, sorting out paperwork details. They uncuffed him
briefly while they inked his fingers and rolled them across sheets of
paper. Then they made him give handwriting samples, first his right
hand then his left.
Par didn't mind being cuffed to the chair so much, but he found the
giant metal cage in the middle of the fingerprinting room deeply
disturbing. It reminded him of an animal cage, the kind used in old
zoos.
The two agents who arrested him left the room, but another one came
in. And the third agent was far from friendly. He began playing the
bad cop, railing at Par, shouting at him, trying to unnerve him. But
no amount of yelling from the agent could rile Par as much as the
nature of the questions he asked.
The agent didn't ask a single question about Citibank. Instead, he
demanded to hear everything Par knew about TRW.
All Par's worst nightmares about the killer spy satellite, about
becoming the man who knew too much, rushed through his mind.
Par refused to answer. He just sat silently, staring at the agent.
Eventually, the older agent came back into the room, dragged the
pitbull agent away and took him outside for a whispered chat. After
that, the pitbull agent was all sweetness and light with Par. Not
another word about TRW.
Par wondered why a senior guy from the Secret Service would tell his
minion to clam up about the defence contractor? What was behind the
sudden silence? The abrupt shift alarmed Par almost as much as the
questions had in the first place.
The agent told Par he would be remanded in custody while awaiting
extradition to California. After all the paperwork had been completed,
they released him from the handcuffs and let him stand to stretch. Par
asked for a cigarette and one of the agents gave him one. Then a
couple of other agents--junior guys--came in.
The junior agents were very friendly. One of them even shook Par's
hand and introduced himself. They knew all about the hacker. They knew
his voice from outgoing messages on voicemail boxes he had created for
himself. They knew what he looked like from his California police
file, and maybe even surveillance photos. They knew his personality
from telephone bridge conversations which had been recorded and from
the details of his Secret Service file. Perhaps they had even tracked
him around the country, following a trail of clues left in his
flightpath. Whatever research they had done, one thing was clear.
These agents felt like they knew him intimately--Par the person, not
just Par the hacker.
It was a strange sensation. These guys Par had never met before
chatted with him about the latest Michael Jackson video as if he was a
neighbour or friend just returned from out of town. Then they took him
further uptown, to a police station, for more extradition paperwork.
This place was no World Trade Center deluxe office. Par stared at the
peeling grey paint in the ancient room, and then watched officers
typing out reports using the two-finger hunt-and-peck method on
electric typewriters--not a computer in sight. The officers didn't
cuff Par to the desk. Par was in the heart of a police station and
there was no way he was going anywhere.
While the officer handling Par was away from his desk for ten minutes,
Par felt bored. So he began flipping through the folders with
information on other cases on the officer's desk. They were heavy duty
fraud cases--mafia and drug-money laundering--cases which carried
reference to FBI involvement. These people looked hairy.
That day, Par had a quick appearance in court, just long enough to be
given protective custody in the Manhattan detention complex known as
the Tombs while he waited for the authorities from California to come
and pick him up.
Par spent almost a week in the Tombs. By day three, he was climbing
the walls. It was like being buried alive.
During that week, Par had almost no contact with other human beings--a
terrible punishment for someone with so much need for a continual flow
of new information. He never left his cell. His jailer slid trays of
food into his cell and took them away.
On day six, Par went nuts. He threw a fit, began screaming and banging
on the door. He yelled at the guard. Told him none too nicely that he
wanted to `get the fuck outta here'. The guard said he would see if he
could get Par transferred to Rikers Island, New York's notorious jail.
Par didn't care if he was transferred to the moon, as long as he got
out of solitary confinement.
Except for the serial killer, the north infirmary at Rikers Island was
a considerable improvement on the Tombs. Par was only locked in his
cell at night. During the day he was free to roam inside the infirmary
area with other prisoners. Some of them were there because the
authorities didn't want to put them in with the hardened criminals,
and some of them were there because they were probably criminally
insane.
It was an eclectic bunch. A fireman turned jewellery heister. A
Colombian drug lord. A chop-shop ringleader, who collected more than
300 stolen cars, chopped them up, reassembled them as new and then
sold them off. A man who killed a homosexual for coming onto him.
`Faggot Killer', as he was known inside, hadn't meant to kill anyone:
things had gotten a little out of hand; next thing he knew, he was
facing ten to twelve on a murder rap.
Par wasn't wild about the idea of hanging out with a murderer, but he
was nervous about what could happened to a young man in jail. Forging
a friendship with Faggot Killer would send the right message. Besides,
the guy seemed to be OK. Well, as long as you didn't look at him the
wrong way.
On his first day, Par also met Kentucky, a wild-eyed man who
introduced himself by thrusting a crumpled newspaper article into the
hacker's hand and saying, `That's me'. The article, titled `Voices
Told Him to Kill', described how police had apprehended a serial
killer believed to be responsible for a dozen murders, maybe more.
During his last murder, Kentucky told Par he had killed a woman--and
then written the names of the aliens who had commanded him to do it on
the walls of her apartment in her blood.
The jewellery heister tried to warn Par to stay away from Kentucky,
who continued to liaise with the aliens on a regular basis. But it was
too late. Kentucky decided that he didn't like the young hacker. He
started shouting at Par, picking a fight. Par stood there, stunned and
confused. How should he deal with an aggravated serial killer? And
what the hell was he doing in jail with a serial killer raving at him
anyway? It was all too much.
The jewellery heister rushed over to Kentucky and tried to calm him
down, speaking in soothing tones. Kentucky glowered at Par, but he
stopped yelling.
A few days into his stay at Rikers, Faggot Killer invited Par to join
in a game of Dungeons and Dragons. It beat watching TV talk shows all
day, so Par agreed. He sat down at the metal picnic table where Faggot
Killer had laid out the board.
So it was that Par, the twenty-year-old computer hacker from
California, the X.25 network whiz kid, came to play Dungeons and
Dragons with a jewellery thief, a homophobic murderer and a mad serial
killer in Rikers Island. Par found himself marvelling at the
surrealism of the situation.
Kentucky threw himself into the game. He seemed to get off on killing
hobgoblins.
`I'll take my halberd,' Kentucky began with a smile, `and I stab this
goblin.' The next player began to make his move, but Kentucky
interrupted. `I'm not done,' he said slowly, as a demonic grin spread
across his face. `And I slice it. And cut it. It bleeds everywhere.'
Kentucky's face tensed with pleasure.
The other three players shifted uncomfortably in their seats. Par
looked at Faggot Killer with nervous eyes.
`And I thrust a knife into its heart,' Kentucky continued, the volume
of his voice rising with excitement. `Blood, blood, everywhere blood.
And I take the knife and hack him. And I hack and hack and hack.'
Kentucky jumped up from the table and began shouting, thrusting one
arm downward through the air with an imaginary dagger, `And I hack and
I hack and I hack!'
Then Kentucky went suddenly still. Everyone at the table froze. No-one
dared move for fear of driving him over the edge. Par's stomach had
jumped into his throat. He tried to gauge how many seconds it would
take to extricate himself from the picnic table and make a break for
the far side of the room.
In a daze, Kentucky walked away from the table, leaned his forehead
against the wall and began mumbling quietly. The jewellery heister
slowly followed and spoke to him briefly in hushed tones before
returning to the table.
One of the guards had heard the ruckus and came up to the table.
`Is that guy OK?' he asked the jewellery heister while pointing to
Kentucky.
Not even if you used that term loosely, Par thought.
`Leave him alone,' the heister told the guard. `He's talking to the
aliens.'
`Right.' The guard turned around and left.
Every day, a nurse brought around special medicine for Kentucky. In
fact, Kentucky was zonked out most of the time on a cup of horrible,
smelly liquid. Sometimes, though, Kentucky secreted his medicine away
and traded it with another prisoner who wanted to get zonked out for a
day or so.
Those were bad days, the days when Kentucky had sold his medication.
It was on one of those days that he tried to kill Par.
Par sat on a metal bench, talking to other prisoners, when suddenly he
felt an arm wrap around his neck. He tried to turn around, but
couldn't.
`Here. I'll show you how I killed this one guy,' Kentucky whispered to
Par.
`No--No--' Par started to say, but Kentucky's biceps began pressing
against Par's Adam's apple. It was a vice-like grip.
`Yeah. Like this. I did it like this,' Kentucky said as he tensed his
muscle and pulled backward.
`No! Really, you don't need to. It's OK,' Par gasped. No air. His arms
flailing in front of him.
I'm done for, Par thought. My life is over. Hacker Murdered by Serial
Killer in Rikers Island. `Aliens Told Me to Do It.'
The omnipresent jewellery heister came up to Kentucky and started
cooing in his ear to let Par go. Then, just when Par thought he was
about to pass out, the jewellery heister pulled Kentucky off him.
Par reminded himself to always sit with his back against the wall.
Finally, after almost a month behind bars, Par was informed that an
officer from the Monterey County sheriff's office was coming to take
him back to California. Par had agreed to be extradited to California
after seeing the inside of New York's jails. Dealing with the federal
prosecutor in New York had also helped make up his mind.
The US Attorney's Office in New York gave Richard Rosen, who had taken
the case on again, a real headache. They didn't play ball. They played
`Queen for a Day'.
The way they negotiated reminded Rosen of an old American television
game of that name. The show's host pulled some innocent soul off the
street, seated her on a garish throne, asked her questions and then
gave her prizes. The US Attorney's Office in New York wanted to seat
Par on a throne, of sorts, to ask him lots of questions. At the end of
the unfettered interrogation, they would hand out prizes. Prison
terms. Fines. Convictions. As they saw fit. No guaranteed sentences.
They would decide what leniency, if any, he would get at the end of
the game.
Par knew what they were looking for: evidence against the MOD boys. He
wasn't having a bar of that. The situation stank, so Par decided not to
fight the extradition to California. Anything had to be better than New
York, with its crazy jail inmates and arrogant federal prosecutors.
The officer from the Monterey sheriff's office picked Par up on 17
December 1991.
Par spent the next few weeks in jail in California, but this time he
wasn't in any sort of protective custody. He had to share a cell with
Mexican drug dealers and other mafia, but at least he knew his way
around these people. And unlike the some of the people at Rikers, they
weren't stark raving lunatics.
Richard Rosen took the case back, despite Par's having skipped town
the first time, which Par thought was pretty good of the lawyer. But
Par had no idea how good it would be for him until it came to his
court date.
Par called Rosen from the jail, to talk about the case. Rosen had some
big news for him.
`Plead guilty. You're going to plead guilty to everything,' he told
Par.
Par thought Rosen had lost his marbles.
`No. We can win this case if you plead guilty,' Rosen assured him.
Par sat dumbfounded at the other end of the phone.
`Trust me,' the lawyer said.
The meticulous Richard Rosen had found a devastating weapon.
On 23 December 1991, Par pleaded guilty to two charges in Monterey
County Juvenile Court. He admitted everything. The whole nine yards.
Yes, I am The Parmaster. Yes, I broke into computers. Yes, I took
thousands of credit card details from a Citibank machine. Yes, yes,
yes.
In some way, the experience was cathartic, but only because Par knew
Rosen had a brilliant ace up his sleeve.
Rosen had rushed the case to be sure it would be heard in juvenile
court, where Par would get a more lenient sentence. But just because
Rosen was in a hurry didn't mean he was sloppy. When he went through
Par's file with a fine-toothed comb he discovered the official papers
declared Par's birthday to be 15 January 1971. In fact, Par's birthday
was some days earlier, but the DA's office didn't know that.
Under California law, a juvenile court has jurisdiction over citizens
under the age of 21. You can only be tried and sentenced in a juvenile
court if you committed the crimes in question while under the age of
eighteen and you are still under the age of 21 when you plead and are
sentenced.
Par was due to be sentenced on 13 January but on 8 January Rosen
applied for the case to be thrown out. When Deputy DA David Schott
asked why, Rosen dropped his bomb.
Par had already turned 21 and the juvenile court had no authority to
pass sentence over him. Further, in California, a case cannot be moved
into an adult court if the defendant has already entered a plea in a
juvenile one. Because Par had already done that, his case couldn't be
moved. The matter was considered `dealt with' in the eyes of the law.
The Deputy DA was flabbergasted. He spluttered and spewed. The DA's
office had dropped the original charges from a felony to a
misdemeanour. They had come to the table. How could this happen? Par
was a fugitive. He had been on the run for more than two years from
the frigging Secret Service, for Christ's sake. There was no way--NO
WAY--he was going to walk out of that courtroom scot-free.
The court asked Par to prove his birthday. A quick driver's licence
search at the department of motor vehicles showed Par and his lawyer
were telling the truth. So Par walked free.
When he stepped outside the courthouse, Par turned his face toward the
sun. After almost two months in three different jails on two sides of
the continent, the sun felt magnificent. Walking around felt
wonderful. Just wandering down the street made him happy.
However, Par never really got over being on the run.
From the time he walked free from the County Jail in Salinas,
California, he continued to move around the country, picking up
temporary work here and there. But he found it hard to settle in one
place. Worst of all, strange things began happening to him. Well, they
had always happened to him, but they were getting stranger by the
month. His perception of reality was changing.
There was the incident in the motel room. As Par sat in the Las Vegas
Travelodge on one if his cross-country treks, he perceived someone
moving around in the room below his. Par strained to hear. It seemed
like the man was talking to him. What was the man trying to tell him?
Par couldn't quite catch the words, but the more he listened, the more
Par was sure he had a message for him which he didn't want anyone else
to hear. It was very frustrating. No matter how hard he tried, no
matter how he put his ear down to the floor or against the wall, Par
couldn't make it out.
The surreal experiences continued. As Par described it, on a trip down
to Mexico, he began feeling quite strange, so he went to the US
consulate late one afternoon to get some help. But everyone in the
consulate behaved bizarrely.
They asked him for some identification, and he gave them his wallet.
They took his Social Security card and his California identification
card and told him to wait. Par believed they were going to pull up
information about him on a computer out the back. While waiting, his
legs began to tremble and a continuous shiver rolled up and down his
spine. It wasn't a smooth, fluid shiver, it was jerky. He felt like he
was sitting at the epicentre of an earthquake and it frightened him.
The consulate staff just stared
at him.
Finally Par stopped shaking. The other staff member returned and asked
him to leave.
`No-one can help you here,' he told Par.
Why was the consular official talking to him like that? What did he
mean--Par had to leave? What was he really trying to say? Par couldn't
understand him. Another consular officer came around to Par, carrying
handcuffs. Why was everyone behaving in such a weird way? That
computer. Maybe they had found some special message next to his name
on that computer.
Par tried to explain the situation, but the consulate staff didn't
seem to understand. He told them about how he had been on the run from
the Secret Service for two and a half years, but that just got him
queer looks. Blank faces. No comprehende. The more he explained, the
blanker the faces became.
The consular officials told him that the office was closing for the
day. He would have to leave the building. But Par suspected that was
just an excuse. A few minutes later, a Mexican policeman showed up. He
talked with one of the consular officials, who subsequently handed him
what Par perceived to be a slip of paper wrapped around a wad of peso
notes.
Two more policemen came into the consulate. One of them turned to Par
and said, `Leave!' but Par didn't answer. So the Mexican police
grabbed Par by the arms and legs and carried him out of the consulate.
Par felt agitated and confused and, as they crossed the threshold out
of the consulate, he screamed.
They put him in a police car and took him to a jail, where they kept
him overnight.
The next day, they released Par and he wandered the city aimlessly
before ending up back at the US consulate. The same consular officer
came up to him and asked how he was feeling.
Par said, `OK.'
Then Par asked if the official could help him get back to the border,
and he said he could. A few minutes later a white van picked up Par
and took him to the border crossing. When they arrived, Par asked the
driver if he could have $2 so he could buy a ticket for the train. The
driver gave it to him.
Par boarded the train with no idea of where he was headed.
Theorem visited Par in California twice in 1992 and the relationship
continued to blossom. Par tried to find work so he could pay her back
the $20000 she had lent him during his years on the run and during his
court case, but it was hard going. People didn't seem to want to hire
him.
`You don't have any computer skills,' they told him. He calmly
explained that, yes, he did indeed have computer skills.
`Well, which university did you get your degree from?' they asked.
No, he hadn't got his skills at any university.
`Well, which companies did you get your work experience from?'
No, he hadn't learned his skills while working for a company.
`Well, what did you do from 1989 to 1992?' the temp agency staffer
inevitably asked in an exasperated voice.
`I ... ah ... travelled around the country.' What else was Par going
to say? How could he possibly answer that question?
If he was lucky, the agency might land him a data-entry job at $8 per
hour. If he was less fortunate, he might end up doing clerical work
for less than that.
By 1993, things had become a little rocky with Theorem. After four and
a half years together, they broke up. The distance was too great, in
every sense. Theorem wanted a more stable life--maybe not a
traditional Swiss family with three children and a pretty chalet in
the Alps, but something more than Par's transient life on the road.
The separation was excruciatingly painful for both of them.
Conversation was strained for weeks after the decision. Theorem kept
thinking she had made a mistake. She kept wanting to ask Par to come
back. But she didn't.
Par drowned himself in alcohol. Shots of tequila, one after the other.
Scull it. Slam the glass down. Fill it to the top. Throw back another.
After a while, he passed out. Then he was violently ill for days, but
somehow he didn't mind. It was cleansing to be so ill.
Somewhere along the way, Rosen managed to get Par's things returned
from the Secret Service raids. He passed the outdated computer and
other equipment back to Par, along with disks, print-outs and notes.
Par gathered up every shred of evidence from his case, along with a
bottle of Jack Daniels, and made a bonfire. He shredded print-outs,
doused them in lighter fluid and set them alight. He fed the disks
into the fire and watched them melt in the flames. He flipped through
the pages and pages of notes and official reports and let them pull
out particular memories. Then he crumpled up each one and tossed it in
the fire. He even sprinkled a little Jack Daniels across the top for
good measure.
As he pulled the pages from a Secret Service report, making them into
tight paper balls, something caught his eye and made him wonder. Many
hackers around the world had been busted in a series of raids
following the first Thanksgiving raid at Par's house back in 1988.
Erik Bloodaxe, the MOD boys, the LOD boys, The Atlanta Three, Pad and
Gandalf, the Australians--they had all been either busted or raided
during 1989, 1990 and 1991.
How were the raids connected? Were the law-enforcement agencies on
three different continents really organised enough to coordinate
worldwide attacks on hackers?
The Secret Service report gave him a clue. It said that in December
1988, two informants had called Secret Service special agents in
separate divisions with information about Par. The informants--both
hackers--told the Secret Service that Par was not the `Citibank
hacker' the agency was looking for. They said the real `Citibank
hacker' was named Phoenix.
Phoenix from Australia.
Chapter 5 -- The Holy Grail.
So we came and conquered and found; riches of Commons and Kings.
-- from `River Runs Red', Blue Sky Mining.
There it was, in black and white. Two articles by Helen Meredith in
The Australian in January 1989.2 The whole Australian computer
underground was buzzing with the news.
The first article appeared on 14 January:
Citibank hackers score $500,000
An elite group of Australian hackers has lifted more than
$US500,000 ($580,000) out of America's Citibank in one of the more
daring hacking crimes in Australia's history.
Australian federal authorities were reported late yesterday to be
working with American authorities to pin down the Australian
connection involving hackers in Melbourne and Sydney.
These are the elite `freekers' of white collar crime ...
The Australian connection is reported to have used a telephone in
the foyer of Telecom's headquarters at 199 William Street in
Melbourne to send a 2600-hertz signal giving them access to a trunk
line and ultimately to a managerial access code for Citibank.
Sources said last night the hackers had lifted $US563,000 from the
US bank and transferred it into several accounts. The money has now
been withdrawn ...
Meanwhile, Victorian police were reported yesterday to be
systematically searching the homes of dozens of suspects in a
crackdown on computer hackers ...
An informed source said Criminal Investigation Bureau officers
armed with search warrants were now searching through the
belongings of the hacking community and expected to find hundreds
of thousands of dollars of goods.
An informed source said Criminal Investigation Bureau officers
armed with search warrants were now searching through the
belongings of the hacking community and expected to find hundreds
of thousands of dollars of goods.
The second article was published ten days later:
Hackers list card hauls on boards
Authorities remain sceptical of the latest reports of an
international hacking and phreaking ring and its Australian
connection.
Yesterday, however, evidence continued to stream into the Melbourne
based bulletin boards under suspicion ...
In the latest round of bulletin board activity, a message from a
United States hacker known as Captain Cash provided the Australian
connection with the latest news on Australian credit cards,
provided by local hackers, and their illegal use by US hackers to
the value of $US362 018 ($416112).
The information was taken from a computer bulletin board system
known as Pacific Island and used actively by the Australian
connection.
The message read: `OK on the 5353 series which we are closing
today--Mastercard $109 400.50. On the 4564 series--Visa which I'll
leave open for a week
$209417.90. And on good old don't leave home without someone
else's: $43 200.
`Making a grand total of
$362018.40!
`Let's hear it for our Aussie friends!
`I hear they are doing just as well!
`They are sending more numbers on the 23rd! Great!
`They will be getting 10%
as usual...a nice bonus of
$36 200.00!'
The bulletin board also contained advice for phreakers on using
telephones in Telecom's 199 William Street headquarters and the
green phones at Spencer Street Station in Melbourne--to make free
international calls ...
Phoenix, another local bulletin board user, listed prices for
`EXTC'- tablets ...
Late Friday, The Australian received evidence suggesting a break-in
of the US Citibank network by Australian hackers known as The Realm
...
The gang's US connection is believed to be based in Milwaukee and
Houston. US Federal authorities have already raided US hackers
involved in Citibank break-ins in the US.
A covert operation of the Bureau of Criminal Intelligence has had
the Australian connection under surveillance and last week took
delivery of six months' of evidence from the Pacific Island board
and associated boards going by the name of Zen and Megaworks ...
The Australian hackers include a number of Melbourne people, some
teenagers, suspected or already convicted of crimes including
fraud, drug use and car theft. Most are considered to be at the
least, digital voyeurs, at worst criminals with a possible big
crime connection.
The information received by The Australian amounts to a confession
on the part of the Australian hackers to involvement in the
break-in of the US Citibank network as well as advice on phreaking
... and bank access.
The following is taken directly from the bulletin board ... It was
stored in a private mailbox on the board and is from a hacker known
as Ivan Trotsky to one who uses the name Killer Tomato:
`OK this is what's been happening ...
`While back a Sysop had a call from the Feds, they wanted Force's,
Phoenix's, Nom's, Brett Macmillan's and my names in connection with
some hacking The Realm had done and also with some carding meant to
have been done too.
`Then in the last few days I get info passed to me that the Hack
that was done to the Citibank in the US which has led to arrests
over there also had connections to Force and Electron ...'
DPG monitoring service spokesman, Mr Stuart Gill, said he believed
the Pacific Island material was only the tip of the iceberg.
`They're far better organised than the police,' he said.
`Unless everyone gets their act together and we legislate against
it, we'll still be talking about the same things this time next
year.'
Yesterday, the South Australian police started an operation to put
bulletin boards operating in that state under surveillance.
And in Western Australia, both political parties agreed they would
proceed with an inquiry into computer hacking, whoever was in
government.
The Victoria Police fraud squad last week announced it had set up a
computer crime squad that would investigate complaints of computer
fraud.
The articles were painful reading for most in the computer
underground.
Who was this Captain Cash? Who was the Killer Tomato? Many believed
they were either Stuart Gill, or that Gill had forged messages by them
or others on Bowen's board. Was the underground rife with credit card
frauders? No. They formed only a very small part of that community.
Had the Melbourne hackers stolen half a million dollars from Citibank?
Absolutely not. A subsequent police investigation determined this
allegation to be a complete fabrication.
How had six months' worth of messages from PI and Zen found their way
into the hands of the Victoria Police Bureau of Criminal Intelligence?
Members of the underground had their suspicions.
To some, Stuart Gill's role in the underground appeared to be that of
an information trader. He would feed a police agency information, and
garner a little new material from it in exchange. He then amalgamated
the new and old material and delivered the new package to another
police agency, which provided him a little more material to add to the
pot. Gill appeared to play the same game in the underground.
A few members of the underground, particularly PI and Zen regulars
Mentat and Brett MacMillan, suspected chicanery and began fighting a
BBS-based war to prove their point. In early 1989, MacMillan posted a
message stating that Hackwatch was not registered as a business
trading name belonging to Stuart Gill at the Victorian Corporate
Affairs office. Further, he stated, DPG Monitoring Services did not
exist as an official registered business trading name either.
MacMillan then stunned the underground by announcing that he had
registered the name Hackwatch himself, presumably to stop Stuart
Gill's media appearances as a Hackwatch spokesman.
Many in the underground felt duped by Gill, but they weren't the only
ones. Soon some journalists and police would feel the same way. Stuart
Gill wasn't even his real name.
What Gill really wanted, some citizens in the underground came to
believe, was a public platform from which he could whip up hacker hype
and then demand the introduction of tough new anti-hacking laws. In
mid-1989, the Commonwealth Government did just that, enacting the
first federal computer crime laws.
It wasn't the journalists' fault. For example, in one case Helen
Meredith had asked Gill for verification and he had referred her to
Superintendent Tony Warren, of the Victoria Police, who had backed him
up. A reporter couldn't ask for better verification than that.
And why wouldn't Warren back Gill? A registered ISU informer, Gill
also acted as a consultant, adviser, confidant and friend to various
members of the Victoria Police. He was close to both Warren and,
later, to Inspector Chris Cosgriff. From 1985 to 1987, Warren had
worked at the Bureau of Criminal Intelligence (BCI). After that, he
was transferred to the Internal Investigations Department (IID), where
he worked with Cosgriff who joined IID in 1988.
Over a six-month period in 1992, Tony Warren received more than 200
phone calls from Stuart Gill--45 of them to his home number. Over an
eighteen-month period in 1991-92, Chris Cosgriff made at least 76
personal visits to Gill's home address and recorded 316 phone calls
with him.3
The Internal Security Unit (ISU) investigated corruption within the
police force. If you had access to ISU, you knew everything that the
Victoria Police officially knew about corruption within its ranks. Its
information was highly sensitive, particularly since it could involve
one police officer dobbing in another. However, a 1993 Victorian
Ombudsman's report concluded that Cosgriff leaked a large amount of
confidential ISU material to Gill, and that Warren's relationship with
Gill was inappropriate.4
When Craig Bowen (aka Thunderbird1) came to believe in 1989 that he
had been duped by Gill, he retreated into a state of denial and
depression. The PI community had trusted him. He entered his
friendship with Gill a bright-eyed, innocent young man looking for
adventure. He left the friendship betrayed and gun-shy.
Sad-eyed and feeling dark on the world, Craig Bowen turned off PI and
Zen forever.
Sitting at his computer sometime in the second half of 1989, Force
stared at his screen without seeing anything, his mind a million miles
away. The situation was bad, very bad, and lost in thought, he toyed
with his mouse absent-mindedly, thinking about how to deal with this
problem.
The problem was that someone in Melbourne was going to be busted.
Force wanted to discount the secret warning, to rack it up as just
another in a long line of rumours which swept through the underground
periodically, but he knew he couldn't do that. The warning was rock
solid; it had come from Gavin.*
The way Force told it, his friend Gavin worked as a contractor to
Telecom by day and played at hacking at night. He was Force's little
secret, who he kept from the other members of The Realm. Gavin was
definitely not part of the hacker BBS scene. He was older, he didn't
even have a handle and he hacked alone, or with Force, because he saw
hacking in groups as risky.
As a Telecom contractor, Gavin had the kind of access to computers and
networks which most hackers could only dream about. He also had good
contacts inside Telecom--the kind who might answer a few tactfully
worded questions about telephone taps and line traces, or might know a
bit about police investigations requiring Telecom's help.
Force had met Gavin while buying some second-hand equipment through
the Trading Post. They hit it off, became friends and soon began
hacking together. Under the cover of darkness, they would creep into
Gavin's office after everyone else had gone home and hack all night.
At dawn, they tidied up and quietly left the building. Gavin went
home, showered and returned to work as if nothing had happened.
Gavin introduced Force to trashing. When they weren't spending the
night in front of his terminal, Gavin crawled through Telecom's
dumpsters looking for pearls of information on crumpled bits of office
paper. Account names, passwords, dial-up modems, NUAs--people wrote
all sorts of things down on scrap paper and then threw it out the next
day when they didn't need it any more.
According to Force, Gavin moved offices frequently, which made it
easier to muddy the trail. Even better, he worked from offices which
had dozens of employees making hundreds of calls each day. Gavin and
Force's illicit activities were buried under a mound of daily
legitimate transactions.
The two hackers trusted each other; in fact Gavin was the only person
to whom Force revealed the exact address of the CitiSaudi machine. Not
even Phoenix, rising star of The Realm and Force's favoured protégé,
was privy to all the secrets of Citibank uncovered during Force's
network explorations.
Force had shared some of this glittering prize with Phoenix, but not
all of it. Just a few of the Citibank cards--token trophies--and
general information about the Citibank network. Believing the
temptation to collect vast numbers of cards and use them would be too
great for the young Phoenix, Force tried to keep the exact location of
the Citibank machine a secret. He knew that Phoenix might eventually
find the Citibank system on his own, and there was little he could do
to stop him. But Force was determined that he wouldn't help Phoenix
get himself into trouble.
The Citibank network had been a rich source of systems--something
Force also kept to himself. The more he explored, the more he found in
the network. Soon after his first discovery of the CitiSaudi system,
he found a machine called CitiGreece which was just as willing to dump
card details as its Saudi-American counterpart. Out of fifteen or so
credit cards Force discovered on the system, only two appeared to be
valid. He figured the others were test cards and that this must be a
new site. Not long after the discovery of the CitiGreece machine, he
discovered similar embryonic sites in two other countries.
Force liked Phoenix and was impressed by the new hacker's enthusiasm
and desire to learn about computer networks.
Force introduced Phoenix to Minerva, just as Craig Bowen had done for
Force some years before. Phoenix learned quickly and came back for
more. He was hungry and, in Force's discerning opinion, very bright.
Indeed, Force saw a great deal of himself in the young hacker. They
were from a similarly comfortable, educated middle-class background.
They were also both a little outside the mainstream. Force's family
were migrants to Australia. Some of Phoenix's family lived in Israel,
and his family was very religious.
Phoenix attended one of the most Orthodox Jewish schools in Victoria,
a place which described itself as a `modern orthodox Zionist'
institution. Nearly half the subjects offered in year 9 were in Jewish
Studies, all the boys wore yarmulkes and the school expected students
to be fluent in Hebrew by the time they graduated.
In his first years at the school, Phoenix had acquired the nickname
`The Egg'. Over the following years he became a master at playing the
game--jumping through hoops to please teachers. He learned that doing
well in religious studies was a good way to ingratiate himself to
teachers, as well as his parents and, in their eyes at least, he
became the golden-haired boy.
Anyone scratching below the surface, however, would find the shine of
the golden-haired boy was merely gilt. Despite his success in school
and his matriculation, Phoenix was having trouble. He had been
profoundly affected by the bitter break-up and divorce of his parents
when he was about fourteen.
After the divorce, Phoenix was sent to boarding school in Israel for
about six months. On his return to Melbourne, he lived with his
younger sister and mother at his maternal grandmother's house. His
brother, the middle child, lived with his father.
School friends sometimes felt awkward visiting Phoenix at home. One of
his best friends found it difficult dealing with Phoenix's mother,
whose vivacity sometimes bordered on the neurotic and shrill. His
grandmother was a chronic worrier, who pestered Phoenix about using
the home phone line during thunderstorms for fear he would be
electrocuted. The situation with Phoenix's father wasn't much better.
A manager at Telecom, he seemed to waver between appearing
disinterested or emotionally cold and breaking into violent outbursts
of anger.
But it was Phoenix's younger brother who seemed to be the problem
child. He ran away from home at around seventeen and dealt in drugs
before eventually finding his feet. Yet, unlike Phoenix, his brother's
problems had been laid bare for all to see. Hitting rock bottom forced
him to take stock of his life and come to terms with his situation.
In contrast, Phoenix found less noticeable ways of expressing his
rebellion. Among them was his enthusiasm for tools of power--the
martial arts, weapons such as swords and staffs, and social
engineering. During his final years of secondary school, while still
living at his grandmother's home, Phoenix took up hacking. He hung
around various Melbourne BBSes, and then he developed an on-line
friendship with Force.
Force watched Phoenix's hacking skills develop with interest and after
a couple of months he invited him to join The Realm. It was the
shortest initiation of any Realm member, and the vote to include the
new hacker was unanimous. Phoenix proved to be a valuable member,
collecting information about new systems and networks for The Realm's
databases. At their peak of hacking activity, Force and Phoenix spoke
on the phone almost every day.
Phoenix's new-found acceptance contrasted with the position of
Electron, who visited The Realm regularly for a few months in 1988. As
Phoenix basked in the warmth of Force's approval, the
eighteen-year-old Electron felt the chill of his increasing scorn.
Force eventually turfed Electron and his friend, Powerspike, out of
his exclusive Melbourne club of hackers. Well, that was how Force told
it. He told the other members of The Realm that Electron had committed
two major sins. The first was that he had been wasting resources by
using accounts on OTC's Minerva system to connect to Altos, which
meant the accounts would be immediately tracked and killed.
Minerva admins such as Michael Rosenberg--sworn enemy of The
Realm--recognised the Altos NUA. Rosenberg was OTC's best defence
against hackers. He had spent so much time trying to weed them out of
Minerva that he knew their habits by heart: hack, then zoom over to
Altos for a chat with fellow hackers, then hack some more.
Most accounts on Minerva were held by corporations. How many
legitimate users from ANZ Bank would visit Altos? None. So when
Rosenberg saw an account connecting to Altos, he silently observed
what the hacker was doing--in case he bragged on the German chat
board--then changed the password and notified the client, in an effort
to lock the hacker out for good.
Electron's second sin, according to Force, was that he had been
withholding hacking information from the rest of the group. Force's
stated view--though it didn't seem to apply to him personally--was one
in, all in.
It was a very public expulsion. Powerspike and Electron told each
other they didn't really care. As they saw it, they might have visited
The Realm BBS now and then but they certainly weren't members of The
Realm. Electron joked with Powerspike, `Who would want to be a member
of a no-talent outfit like The Realm?' Still, it must have hurt.
Hackers in the period 1988-90 depended on each other for information.
They honed their skills in a community which shared intelligence and
they grew to rely on the pool of information.
Months later, Force grudgingly allowing Electron to rejoin The Realm,
but the relationship remained testy. When Electron finally logged in
again, he found a file in the BBS entitled `Scanner stolen from the
Electron'. Force had found a copy of Electron's VMS scanner on an
overseas computer while Electron was in exile and had felt no qualms
about pinching it for The Realm.
Except that it wasn't a scanner. It was a VMS Trojan. And there was a
big difference. It didn't scan for the addresses of computers on a
network. It snagged passwords when people connected from their VMS
computers to another machine over an X.25 network. Powerspike cracked
up laughing when Electron told him. `Well,' he told Powerspike, `Mr
Bigshot Force might know something about Prime computers, but he
doesn't know a hell of a lot about VMS.'
Despite Electron's general fall from grace, Phoenix talked to the
outcast because they shared the obsession. Electron was on a steep
learning curve and, like Phoenix, he was moving fast--much faster than
any of the other Melbourne hackers.
When Phoenix admitted talking to Electron regularly, Force tried to
pull him away, but without luck. Some of the disapproval was born of
Force's paternalistic attitude toward the Australian hacking scene. He
considered himself to be a sort of godfather in the hacking community.
But Force was also increasingly concerned at Phoenix's ever more
flagrant taunting of computer security bigwigs and system admins. In
one incident, Phoenix knew a couple of system admins and security
people were waiting on a system to trap him by tracing his network
connections. He responded by sneaking into the computer unnoticed and
quietly logging off each admin. Force laughed about it at the time,
but privately the story made him more than a little nervous.
Phoenix enjoyed pitting himself against the pinnacles of the computer
security industry. He wanted to prove he was better, and he frequently
upset people because often he was. Strangely, though, Force's protégé
also thought that if he told these experts about a few of the holes in
their systems, he would somehow gain their approval. Maybe they would
even give him inside information, like new penetration techniques,
and, importantly, look after him if things got rough. Force wondered
how Phoenix could hold two such conflicting thoughts in his mind at
the same time without questioning the logic of either.
It was against this backdrop that Gavin came to Force with his urgent
warning in late 1989. Gavin had learned that the Australian Federal
Police were getting complaints about hackers operating out of
Melbourne. The Melbourne hacking community had become very noisy and
was leaving footprints all over the place as its members traversed the
world's data networks.
There were other active hacking communities outside Australia--in the
north of England, in Texas, in New York. But the Melbourne hackers
weren't just noisy--they were noisy inside American computers. It
wasn't just a case of American hackers breaking into American systems.
This was about foreign nationals penetrating American computers. And
there was something else which made the Australian hackers a target.
The US Secret Service knew an Australian named Phoenix had been inside
Citibank, one of the biggest financial institutions in the US.
Gavin didn't have many details to give Force. All he knew was that an
American law enforcement agency--probably the Secret Service--had been
putting enormous pressure on the Australian government to bust these
people.
What Gavin didn't know was that the Secret Service wasn't the only
source of pressure coming from the other side of the Pacific. The FBI
had also approached the Australian Federal Police about the mysterious
but noisy Australian hackers who kept breaking into American systems,5
and the AFP had acted on the information.
In late 1989, Detective Superintendent Ken Hunt of the AFP headed an
investigation into the Melbourne hackers. It was believed to be the
first major investigation of computer crime since the introduction of
Australia's first federal anti-hacking laws. Like most law enforcement
agencies around the world, the AFP were new players in the field of
computer crime. Few officers had expertise in computers, let alone
computer crime, so this case would prove to be an important proving
ground.6
When Gavin broke the news, Force acted immediately. He called Phoenix
on the phone, insisting on meeting him in person as soon as possible.
As their friendship had progressed, they had moved from talking
on-line to telephone conversations and finally to spending time
together in person. Force sat Phoenix down alone and gave him a stern
warning. He didn't tell him how he got his information, but he made it
clear the source was reliable.
The word was that the police felt they had to bust someone. It had
come to the point where an American law enforcement officer had
reportedly told his Australian counterpart, `If you don't do something
about it soon, we'll do something about it ourselves'. The American
hadn't bothered to elaborate on just how they might do something about
it, but it didn't matter.
Phoenix looked suddenly pale. He had certainly been very noisy, and
was breaking into systems virtually all the time now. Many of those
systems were in the US.
He certainly didn't want to end up like the West German hacker
Hagbard, whose petrol-doused, charred remains had been discovered in a
German forest in June 1989.
An associate of Pengo's, Hagbard had been involved in a ring of German
hackers who sold the information they found in American computers to a
KGB agent in East Germany from 1986 to 1988.
In March 1989, German police raided the homes and offices of the
German hacking group and began arresting people. Like Pengo, Hagbard
had secretly turned himself into the German authorities months before
and given full details of the hacking ring's activities in the hope of
gaining immunity from prosecution.
American law enforcement agencies and prosecutors had not been
enthusiastic about showing the hackers any leniency. Several US
agencies, including the CIA and the FBI, had been chasing the German
espionage ring and they wanted stiff sentences, preferably served in
an American prison.
German court proceedings were under way when Hagbard's body was found.
Did he commit suicide or was he murdered? No-one knew for sure, but
the news shook the computer underground around the world. Hackers
discussed the issue in considerable depth. On the one hand, Hagbard
had a long history of mental instability and drug use, having spent
time in psychiatric hospitals and detoxification centres off and on
since the beginning of 1987. On the other hand, if you were going to
kill yourself, would you really want to die in the agony of a petrol
fire? Or would you just take a few too many pills or a quick bullet?
Whether it was murder or suicide, the death of Hagbard loomed large
before Phoenix. Who were the American law enforcement agencies after
in Australia? Did they want him?
No. Force reassured him, they were after Electron. The problem for
Phoenix was that he kept talking to Electron on the phone--in voice
conversations. If Phoenix continued associating with Electron, he too
would be scooped up in the AFP's net.
The message to Phoenix was crystal clear.
Stay away from Electron.
`Listen, you miserable scum-sucking pig.'
`Huh?' Phoenix answered, only half paying attention.
`Piece of shit machine. I did all this editing and the damn thing
didn't save the changes,' Electron growled at the Commodore Amiga,
with its 512 k of memory, sitting on the desk in his bedroom.
It was January 1990 and both Phoenix and Electron were at home on
holidays before the start of university.
`Yeah. Wish I could get this thing working. Fucking hell. Work you!'
Phoenix yelled. Electron could hear him typing at the other end of the
phone while he talked. He had been struggling to get AUX, the Apple
version of Unix, running on his Macintosh SE30 for days.
It was difficult to have an uninterrupted conversation with Phoenix.
If it wasn't his machine crashing, it was his grandmother asking him
questions from the doorway of his room.
`You wanna go through the list? How big is your file?' Phoenix asked,
now more focused on the conversation.
`Huh? Which file?'
`The dictionary file. The words to feed into the password cracker,'
Phoenix replied.
Electron pulled up his list of dictionary words and looked
at it. I'm going to have to cut this list down a bit, he thought. The
dictionary was part of the password cracking program.
The larger the dictionary, the longer it took the computer to crack a
list of passwords. If he could weed out obscure words--words that
people were unlikely to pick as passwords--then he could make his
cracker run faster.
An efficient password cracker was a valuable tool. Electron would feed
his home computer a password file from a target computer, say from
Melbourne University, then go to bed. About twelve hours later, he
would check on his machine's progress.
If he was lucky, he would find six or more accounts--user names and
their passwords--waiting for him in a file. The process was completely
automated. Electron could then log into Melbourne University using the
cracked accounts, all of which could be used as jumping-off points for
hacking into other systems for the price of a local telephone call.
Cracking Unix passwords wasn't inordinately difficult,
provided the different components of the program, such as the
dictionary, had been set up properly. However, it was time-consuming.
The principle was simple. Passwords, kept in password files with their
corresponding user names, were encrypted. It was as impossible to
reverse the encryption process as it was to unscramble an omelette.
Instead, you needed to recreate the encryption process and compare the
results.
There were three basic steps. First, target a computer and get a copy
of its password file. Second, take a list of commonly used passwords,
such as users' names from the password file or words from a
dictionary, and encrypt those into a second list. Third, put the two
lists side by side and compare them. When you have a match, you have
found the password.
However, there was one important complication: salts. A salt changed
the way a password was encrypted, subtly modifying the way the DES
encryption algorithm worked. For example, the word `Underground'
encrypts two different ways with two different salts: `kyvbExMcdAOVM'
or `lhFaTmw4Ddrjw'. The first two characters represent the salt, the
others represent the password. The computer chooses a salt randomly
when it encrypts a user's password. Only one is used, and there are
4096 different salts. All Unix computers use salts in their password
encryption process.
Salts were intended to make password cracking far more difficult, so a
hacker couldn't just encrypt a dictionary once and then compare it to
every list of encrypted passwords he came across in his hacking
intrusions. The 4096 salts mean that a hacker would have to use 4096
different dictionaries--each encrypted with a different salt--to
discover any dictionary word passwords.
On any one system penetrated by Electron, there might be only 25
users, and therefore only 25 passwords, most likely using 25 different
salts. Since the salt characters were stored immediately before the
encrypted password, he could easily see which salt was being used for
a particular password. He would therefore only have to encrypt a
dictionary 25 different times.
Still, even encrypting a large dictionary 25 times using different
salts took up too much hard-drive space for a basic home computer. And
that was just the dictionary. The most sophisticated cracking programs
also produced `intelligent guesses' of passwords. For example, the
program might take the user's name and try it in both upper- and
lower-case letters. It might also add a `1' at the end. In short, the
program would create new guesses by permutating, shuffling, reversing
and recombining basic information such as a user's name into new
`words'.
`It's 24000 words. Too damn big,' Electron said. Paring down a
dictionary was a game of trade-offs. The fewer words in a cracking
dictionary, the less time it was likely to take a computer to break
the encrypted passwords. A smaller dictionary, however, also meant
fewer guesses and so a reduced chance of cracking the password of any
given account.
`Hmm. Mine's 24328. We better pare it down together.'
`Yeah. OK. Pick a letter.'
`C. Let's start with the Cs.'
`Why C?'
`C. For my grandmother's cat, Cocoa.'
`Yeah. OK. Here goes. Cab, Cabal. Cabala. Cabbala.' Electron paused.
`What the fuck is a Cabbala?'
`Dunno. Yeah. I've got those. Not Cabbala. OK, Cabaret. Cabbage. Fuck,
I hate cabbage. Who'd pick Cabbage as their password?'
`A Pom,' Electron answered.
`Yeah,' Phoenix laughed before continuing.
Phoenix sometimes stopped to think about Force's warning, but usually
he just pushed it to one side when it crept, unwelcomed, into his
thoughts. Still, it worried him. Force took it seriously enough. Not
only had he stopped associating with Electron, he appeared to have
gone very, very quiet.
In fact, Force had found a new love: music. He was writing and
performing his own songs. By early 1990 he seemed so busy with his
music that he had essentially put The Realm on ice. Its members took
to congregating on a machine owned by another Realm member, Nom, for a
month or so.
Somehow, however, Phoenix knew that wasn't all of the story. A hacker
didn't pick up and walk away from hacking just like that. Especially
not Force. Force had been obsessed with hacking. It just didn't make
sense. There had to be something more. Phoenix comforted himself with
the knowledge that he had followed Force's advice and had stayed away
from Electron. Well, for a while anyway.
He had backed right off, watched and waited, but nothing happened.
Electron was as active in the underground as ever but he hadn't been
busted. Nothing had changed. Maybe Force's information had been wrong.
Surely the feds would have busted Electron by now if they were going
to do anything. So Phoenix began to rebuild his relationship with
Electron. It was just too tempting. Phoenix was determined not to let
Force's ego impede his own progress.
By January 1990, Electron was hacking almost all the time. The only
time he wasn't hacking was when he was sleeping, and even then he
often dreamed of hacking. He and Phoenix were sailing past all the
other Melbourne hackers. Electron had grown beyond Powerspike's
expertise just as Phoenix had accelerated past Force. They were moving
away from X.25 networks and into the embryonic Internet, which was
just as illegal since the universities guarded computer
accounts--Internet access--very closely.
Even Nom, with his growing expertise in the Unix operating system
which formed the basis of many new Internet sites, wasn't up to
Electron's standard. He didn't have the same level of commitment to
hacking, the same obsession necessary to be a truly cutting-edge
hacker. In many ways, the relationship between Nom and Phoenix
mirrored the relationship between Electron and Powerspike: the support
act to the main band.
Electron didn't consider Phoenix a close friend, but he was a kindred
spirit. In fact he didn't trust Phoenix, who had a big mouth, a big
ego and a tight friendship with Force--all strikes against him. But
Phoenix was intelligent and he wanted to learn. Most of all, he had
the obsession. Phoenix contributed to a flow of information which
stimulated Electron intellectually, even if more information flowed
toward Phoenix than from him.
Within a month, Phoenix and Electron were in regular contact, and
during the summer holidays they were talking on the phone--voice--all
the time, sometimes three or four times a day. Hack then talk. Compare
notes. Hack some more. Check in again, ask a few questions. Then back
to hacking.
The actual hacking was generally a solo act. For a social animal like
Phoenix, it was a lonely pursuit. While many hackers revelled in the
intense isolation, some, such as Phoenix, also needed to check in with
fellow humanity once in a while. Not just any humanity--those who
understood and shared in the obsession.
`Caboodle. Caboose, `Electron went on, `Cabriolet. What the hell is a
Cabriolet? Do you know?'
`Yeah,' Phoenix answered, then rushed on. `OK. Cacao. Cache. Cachet
...'
`Tell us. What is it?' Electron cut Phoenix off.
`Cachinnation. Cachou ...'
`Do you know?' Electron asked again, slightly irritated. As usual,
Phoenix was claiming to know things he probably didn't.
`Hmm? Uh, yeah,' Phoenix answered weakly. `Cackle. Cacophony ...'
Electron knew that particular Phoenix `yeah'--the one which said `yes'
but meant `no, and I don't want to own up to it either so let's drop
it'.
Electron made it a habit not to believe most of the things Phoenix
told him. Unless there was some solid proof, Electron figured it was
just hot air. He didn't actually like Phoenix much as a person, and
found talking to him difficult at times. He preferred the company of
his fellow hacker Powerspike.
Powerspike was both bright and creative. Electron clicked with him.
They often joked about the other's bad taste in music. Powerspike
liked heavy metal, and Electron liked indie music. They shared a
healthy disrespect for authority. Not just the authority of places
they hacked into, like the US Naval Research Laboratories or NASA, but
the authority of The Realm. When it came to politics, they both leaned
to the left. However, their interest tended more toward
anarchy--opposing symbols of the military-industrial complex--than to
joining a political party.
After their expulsion from The Realm, Electron had been a little
isolated for a time. The tragedy of his personal life had contributed
to the isolation. At the age of eight, he had seen his mother die of
lung cancer. He hadn't witnessed the worst parts of her dying over two
years, as she had spent some time in a German cancer clinic hoping for
a reprieve. She had, however, come home to die, and Electron had
watched her fade away.
When the phone call from hospital came one night, Electron could tell
what had happened from the serious tones of the adults. He burst into
tears. He could hear his father answering questions on the phone. Yes,
the boy had taken it hard. No, his sister seemed to be OK. Two years
younger than Electron, she was too young to understand.
Electron had never been particularly close to his sister. He viewed
her as an unfeeling, shallow person--someone who simply skimmed along
the surface of life. But after their mother's death, their father
began to favour Electron's sister, perhaps because of her resemblance
to his late wife. This drove a deeper, more subtle wedge between
brother and sister.
Electron's father, a painter who taught art at a local high school,
was profoundly affected by his wife's death. Despite some barriers of
social class and money, theirs had been a marriage of great affection
and love and they made a happy home. Electron's father's paintings
hung on almost every wall in the house, but after his wife's death he
put down his brushes and never took them up again. He didn't talk
about it. Once, Electron asked him why he didn't paint any more. He
looked away and told Electron that he had `lost the motivation'.
Electron's grandmother moved into the home to help her son care for
his two children, but she developed Alzheimer's disease. The children
ended up caring for her. As a teenager, Electron thought it was
maddening caring for someone who couldn't even remember your name.
Eventually, she moved into a nursing home.
In August 1989, Electron's father arrived home from the doctor's
office. He had been mildly ill for some time, but refused to take time
off work to visit a doctor. He was proud of having taken only one
day's sick leave in the last five years. Finally, in the holidays, he
had seen a doctor who had conducted numerous tests. The results had
come in.
Electron's father had bowel cancer and the disease had spread. It
could not be cured. He had two years to live at the most.
Electron was nineteen years old at the time, and his early love of the
computer, and particularly the modem, had already turned into a
passion. Several years earlier his father, keen to encourage his
fascination with the new machines, used to bring one of the school's
Apple IIes home over weekends and holidays. Electron spent hours at
the borrowed machine. When he wasn't playing on the computer, he read,
plucking one of his father's spy novels from the over-crowded
bookcases, or his own favourite book, The Lord of The Rings.
Computer programming had, however, captured the imagination of the
young Electron years before he used his first computer. At the age of
eleven he was using books to write simple programs on paper--mostly
games--despite the fact that he had never actually touched a keyboard.
His school may have had a few computers, but its administrators had
little understanding of what to do with them. In year 9, Electron had
met with the school's career counsellor, hoping to learn about career
options working with computers.
`I think maybe I'd like to do a course in computer programming ...'
His voice trailed off, hesitantly.
`Why would you want to do that?' she said. `Can't you think of
anything better than that?'
`Uhm ...' Electron was at a loss. He didn't know what to do. That was
why he had come to her. He cast around for something which seemed a
more mainstream career option but which might also let him work on
computers. `Well, accounting maybe?'
`Oh yes, that's much better,' she said.
`You can probably even get into a university, and study accounting
there. I'm sure you will enjoy it,' she added, smiling as she closed
his file.
The borrowed computers were, in Electron's opinion, one of the few
good things about school. He did reasonably well at school, but only
because it didn't take much effort. Teachers consistently told his
father that Electron was underachieving and that he distracted the
other students in class. For the most part, the criticism was just
low-level noise. Occasionally, however, Electron had more serious
run-ins with his teachers. Some thought he was gifted. Others thought
the freckle-faced, Irish-looking boy who helped his friends set fire
to textbooks at the back of the class was nothing but a smart alec.
When he was sixteen, Electron bought his own computer. He used it to
crack software protection, just as Par had done. The Apple was soon
replaced by a more powerful Amiga with a 20 megabyte IBM compatible
sidecar. The computers lived, in succession, on one of the two desks
in his bedroom. The second desk, for his school work, was usually
piled high with untouched assignments.
The most striking aspect of Electron's room was the ream after ream of
dot matrix computer print-out which littered the floor. Standing at
almost any point in the simply furnished room, someone could reach out
and grab at least one pile of print-outs, most of which contained
either usernames and passwords or printed computer program code. In
between the piles of print-outs, were T-shirts, jeans, sneakers and
books on the floor. It was impossible to walk across Electron's room
without stepping on something.
The turning point for Electron was the purchase of a second-hand 300
baud modem in 1986. Overnight, the modem transformed Electron's love
of the computer into an obsession. During the semester immediately
before the modem's arrival, Electron's report card showed six As and
one B. The following semester he earned six Bs and only one A.
Electron had moved onto bigger and better things than school. He
quickly became a regular user of underground BBSes and began hacking.
He was enthralled by an article he discovered describing how several
hackers claimed to have moved a satellite around in space simply by
hacking computers. From that moment on, Electron decided he wanted to
hack--to find out if the article was true.
Before he graduated from school in 1987, Electron had hacked NASA, an
achievement which saw him dancing around the dining room table in the
middle of the night chanting, `I got into NASA! I got into NASA!' He
hadn't moved any satellites, but getting into the space agency was as
thrilling as flying to the moon.
By 1989, he had been hacking regularly for years, much to the chagrin
of his sister, who claimed her social life suffered because the
family's sole phone line was always tied up by the modem.
For Phoenix, Electron was a partner in hacking, and to a lesser degree
a mentor. Electron had a lot to offer, by that time even more than The
Realm.
`Cactus, Cad, Cadaver, Caddis, Cadence, Cadet, Caesura. What the fuck
is a Caesura?' Phoenix kept ploughing through the Cs.
`Dunno. Kill that,' Electron answered, distracted.
`Caesura. Well, fuck. I know I'd wanna use that as a password.'
Phoenix laughed. `What the hell kind of word is Caduceus?'
`A dead one. Kill all those. Who makes up these dictionaries?'
Electron said.
`Yeah.'
`Caisson, Calabash. Kill those. Kill, kill, kill,' Electron said
gleefully.
`Hang on. How come I don't have Calabash in my list?' Phoenix feigned
indignation.
Electron laughed.
`Hey,' Phoenix said, `we should put in words like "Qwerty" and
"ABCDEF" and "ASDFGH".'
`Did that already.' Electron had already put together a list of other
common passwords, such as the `words' made when a user typed the six
letters in the first alphabet row on a keyboard.
Phoenix started on the list again. `OK the COs. Commend, Comment,
Commerce, Commercial, Commercialism, Commercially. Kill those last
three.'
`Huh? Why kill Commercial?'
`Let's just kill all the words with more than eight characters,'
Phoenix said.
`No. That's not a good idea.'
`How come? The computer's only going to read the first eight
characters and encrypt those. So we should kill all the rest.'
Sometimes Phoenix just didn't get it. But Electron didn't rub it in.
He kept it low-key, so as not to bruise Phoenix's ego. Often Electron
sensed Phoenix sought approval from the older hacker, but it was a
subtle, perhaps even unconscious search.
`Nah,' Electron began, `See, someone might use the whole word,
Commerce or Commercial. The first eight letters of these words are not
the same. The eighth character in Commerce is "e", but in Commercial
it's "i".'
There was a short silence.
`Yeah,' Electron went on, `but you could kill all the words
like Commercially, and Commercialism, that come after Commercial.
See?'
`Yeah. OK. I see,' Phoenix said.
`But don't just kill every word longer than eight characters,'
Electron added.
`Hmm. OK. Yeah, all right.' Phoenix seemed a bit out of sorts. `Hey,'
he brightened a bit, `it's been a whole ten minutes since my machine
crashed.'
`Yeah?' Electron tried to sound interested.
`Yeah. You know,' Phoenix changed the subject to his favourite topic,
`what we really need is Deszip. Gotta get that.' Deszip was a computer
program which could be used for password cracking.
`And Zardoz. We need Zardoz,' Electron added. Zardoz was a restricted
electronic publication detailing computer security holes.
`Yeah. Gotta try to get into Spaf's machine. Spaf'll have it for
sure.' Eugene Spafford, Associate Professor of Computer Science at
Purdue University in the US, was one of the best known computer
security experts on the Internet in 1990.
`Yeah.'
And so began their hunt for the holy grail.
Deszip and Zardoz glittered side by side as the most coveted prizes in
the world of the international Unix hacker.
Cracking passwords took time and computer resources. Even a moderately
powerful university machine would grunt and groan under the weight of
the calculations if it was asked to do. But the Deszip program could
change that, lifting the load until it was, by comparison,
feather-light. It worked at breathtaking speed and a hacker using
Deszip could crack encrypted passwords up to 25 times faster.
Zardoz, a worldwide security mailing list, was also precious, but for
a different reason. Although the mailing list's formal name was
Security Digest, everyone in the underground simply called it Zardoz,
after the computer from which the mailouts originated. Zardoz also
happened to be the name of a science fiction cult film starring Sean
Connery. Run by Neil Gorsuch, the Zardoz mailing list contained
articles, or postings, from various members of the computer security
industry. The postings discussed newly discovered bugs--problems with
a computer system which could be exploited to break into or gain root
access on a machine. The beauty of the bugs outlined in Zardoz was
that they worked on any computer system using the programs or
operating systems it described. Any university, any military system,
any research institute which ran the software documented in Zardoz was
vulnerable. Zardoz was a giant key ring, full of pass keys made to fit
virtually every lock.
True, system administrators who read a particular Zardoz posting might
take steps to close up that security hole. But as the hacking
community knew well, it was a long time between a Zardoz posting and a
shortage of systems with that hole. Often a bug worked on many
computers for months--sometimes years--after being announced on
Zardoz.
Why? Many admins had never heard of the bug when it was first
announced. Zardoz was an exclusive club, and most admins simply
weren't members. You couldn't just walk in off the street and sign up
for Zardoz. You had to be vetted by peers in the computer security
industry. You had to administer a legitimate computer system,
preferably with a large institution such as a university or a research
body such as CSIRO. Figuratively speaking, the established members of
the Zardoz mailing list peered down their noses at you and determined
if you were worthy of inclusion in Club Zardoz. Only they decided if
you were trustworthy enough to share in the great security secrets of
the world's computer systems.
In 1989, the white hats, as hackers called the professional security
gurus, were highly paranoid about Zardoz getting into the wrong hands.
So much so, in fact, that many postings to Zardoz were fine examples
of the art of obliqueness. A computer security expert would hint at a
new bug in his posting without actually coming out and explaining it
in what is commonly referred to as a `cookbook' explanation.
This led to a raging debate within the comp-sec industry. In one
corner, the cookbook purists said that bulletins such as Zardoz were
only going to be helpful if people were frank with each other. They
wanted people posting to Zardoz to provide detailed, step-by-step
explanations on how to exploit a particular security hole. Hackers
would always find out about bugs one way or another and the best way
to keep them out of your system was to secure it properly in the first
place. They wanted full disclosure.
In the other corner, the hard-line, command-and-control computer
security types argued that posting an announcement to Zardoz posed the
gravest of security risks. What if Zardoz fell into the wrong hands?
Why, any sixteen-year-old hacker would have step-by-step directions
showing how to break into thousands of individual computers! If you
had to reveal a security flaw--and the jury was still out in their
minds as to whether that was such a good idea--it should be done only
in the most oblique terms.
What the hard-liners failed to understand was that world-class hackers
like Electron could read the most oblique, carefully crafted Zardoz
postings and, within a matter of days if not hours, work out exactly
how to exploit the security hole hinted at in the text. After which
they could just as easily have written a cookbook version of the
security bug.
Most good hackers had come across one or two issues of Zardoz in their
travels, often while rummaging though the system administrator's mail
on a prestigious institution's computer. But no-one from the elite of
the Altos underground had a full archive of all the back issues. The
hacker who possessed that would have details of every major security
hole discovered by the world's best computer security minds since at
least 1988.
Like Zardoz, Deszip was well guarded. It was written by computer
security expert Dr Matthew Bishop, who worked at NASA's Research
Institute for Advanced Computer Science before taking up a teaching
position at Dartmouth, an Ivy League college in New Hampshire. The
United States government deemed Deszip's very fast encryption
algorithms to be so important, they were classified as armaments. It
was illegal to export them from the US.
Of course, few hackers in 1990 had the sophistication to use weapons
such as Zardoz and Deszip properly. Indeed, few even knew they
existed. But Electron and Phoenix knew, along with a tiny handful of
others, including Pad and Gandalf from Britain. Congregating on Altos
in Germany, they worked with a select group of others carefully
targeting sites likely to contain parts of their holy grail. They were
methodical and highly strategic, piecing information together with
exquisite, almost forensic, skill. While the common rabble of other
hackers were thumping their heads against walls in brute-force attacks
on random machines, these hackers spent their time hunting for
strategic pressure points--the Achilles' heels of the computer
security community.
They had developed an informal hit list of machines, most of which
belonged to high-level computer security gurus. Finding one or two
early issues of Zardoz, Electron had combed through their postings
looking not just on the surface--for the security bugs--but also
paying careful attention to the names and addresses of the people
writing articles. Authors who appeared frequently in Zardoz, or had
something intelligent to say, went on the hit list. It was those
people who were most likely to keep copies of Deszip or an archive of
Zardoz on their machines.
Electron had searched across the world for information about Deszip
and DES (Data Encryption Standard), the original encryption program
later used in Deszip. He hunted through computers at the University of
New York, the US Naval Research Laboratories in Washington DC,
Helsinki University of Technology, Rutgers University in New Jersey,
Melbourne University and Tampere University in Finland, but the search
bore little fruit. He found a copy of CDES, a public domain encryption
program which used the DES algorithm, but not Deszip. CDES could be
used to encrypt files but not to crack passwords.
The two Australian hackers had, however, enjoyed a small taste of
Deszip. In 1989 they had broken into a computer at Dartmouth College
called Bear. They discovered Deszip carefully tucked away in a corner
of Bear and had spirited a copy of the program away to a safer machine
at another institution.
It turned out to be a hollow victory. That copy of Deszip had been
encrypted with Crypt, a program based on the German Enigma machine
used in World War II. Without the passphrase--the key to unlock the
encryption--it was impossible to read Deszip. All they could do was
stare, frustrated, at the file name Deszip labelling a treasure just
out of reach.
Undaunted, the hackers decided to keep the encrypted file just in case
they ever came across the passphrase somewhere--in an email letter,
for example--in one of the dozens of new computers they now hacked
regularly. Relabelling the encrypted Deszip file with a more innocuous
name, they stored the copy in a dark corner of another machine.
Thinking it wise to buy a little insurance as well, they gave a second
copy of the encrypted Deszip to Gandalf, who stored it on a machine in
the UK in case the Australians' copy disappeared unexpectedly.
In January 1990, Electron turned his attention to getting Zardoz.
After carefully reviewing an old copy of Zardoz, he had discovered a
system admin in Melbourne on the list. The subscriber could well have
the entire Zardoz archive on his machine, and that machine was so
close--less than half an hour's drive from Electron's home. All
Electron had to do was to break into the CSIRO.
The Commonwealth Scientific and Industrial Research Organisation, or
CSIRO, is a government owned and operated research body with many
offices around Australia. Electron only wanted to get into one: the
Division of Information Technology at 55 Barry Street, Carlton, just
around the corner from the University of Melbourne.
Rummaging through a Melbourne University computer, Electron had
already found one copy of the Zardoz archive, belonging to a system
admin. He gathered it up and quietly began downloading it to his
computer, but as his machine slowly siphoned off the Zardoz copy, his
link to the university abruptly went dead. The admin had discovered
the hacker and quickly killed the connection. All of which left
Electron back at square one--until he found another copy of Zardoz on
the CSIRO machine.
It was nearly 3 a.m. on 1 February 1990, but Electron wasn't tired.
His head was buzzing. He had just successfully penetrated an account
called Worsley on the CSIRO computer called
DITMELA, using the sendmail bug. Electron assumed
DITMELA stood for Division of Information Technology, Melbourne,
computer `A'.
Electron began sifting through Andrew Worsley's directories that day.
He knew Zardoz was in there somewhere, since he had seen it before.
After probing the computer, experimenting with different security
holes hoping one would let him inside, Electron managed to slip in
unnoticed. It was mid-afternoon, a bad time to hack a computer since
someone at work would likely spot the intruder before long. So
Electron told himself this was just a reconnaissance mission. Find out
if Zardoz was on the machine, then get out of there fast and come back
later--preferably in the middle of the night--to pull Zardoz out.
When he found a complete collection of Zardoz in Worsley's directory,
Electron was tempted to try a grab and run. The problem was that, with
his slow modem, he couldn't run very quickly. Downloading Zardoz would
take several hours. Quashing his overwhelming desire to reach out and
grab Zardoz then and there, he slipped out of the machine noiselessly.
Early next morning, an excited and impatient Electron crept back into
DITMELA and headed straight for Worsley's directory. Zardoz was still
there. And a sweet irony. Electron was using a security bug he had
found on an early issue of Zardoz to break into the computer which
would surrender the entire archive to him.
Getting Zardoz out of the CSIRO machine was going to be a little
difficult. It was a big archive and at 300 baud--30 characters per
second--Electron's modem would take five hours to siphon off an entire
copy. Using the CAT command, Electron made copies of all the Zardoz
issues and bundled them up into one 500 k file. He called the new file
.t and stored it in the temporary directory on DITMELA.
Then he considered what to do next. He would mail the Zardoz bundle to
another account outside the CSIRO computer, for safe-keeping. But
after that he had to make a choice: try to download the thing himself
or hang up, call Phoenix and ask him to download it.
Using his 2400 baud modem, Phoenix would be able to download the
Zardoz bundle eight times faster than Electron could. On the other
hand, Electron didn't particularly want to give Phoenix access to the
CSIRO machine. They had both been targeting the machine, but he hadn't
told Phoenix that he had actually managed to get in. It wasn't that he
planned on withholding Zardoz when he got it. Quite the contrary,
Electron wanted Phoenix to read the security file so they could bounce
ideas off each other. When it came to accounts, however, Phoenix had a
way of messing things up. He talked too much. He was simply not
discreet.
While Electron considered his decision, his fingers kept working at
the keyboard. He typed quickly, mailing copies of the Zardoz bundle to
two hacked student accounts at Melbourne University. With the
passwords to both accounts, he could get in whenever he wanted and he
wasn't taking any chances with this precious cargo. Two accounts were
safer than one--a main account and a back-up in case someone changed
the password on the first one.
Then, as the DITMELA machine was still in the process of mailing the
Zardoz bundle off to the back-up sites, Electron's connection suddenly
died.
The CSIRO machine had hung up on him, which probably meant one thing.
The admin had logged him off. Electron was furious. What the hell was
a system administrator doing on a computer at this hour? The admin was
supposed to be asleep! That's why Electron logged on when he did. He
had seen Zardoz on the CSIRO machine the day before but he had been so
patient refusing to touch it because the risk of discovery was too
great. And now this.
The only hope was to call Phoenix and get him to login to the
Melbourne Uni accounts to see if the mail had arrived safely. If so,
he could download it with his faster modem before the CSIRO admin had
time to warn the Melbourne Uni admin, who would change the passwords.
Electron got on the phone to Phoenix. They had long since stopped
caring about what time of day they rang each other. 10 p.m. 2 a.m.
4.15 a.m. 6.45 a.m.
`Yeah.' Electron greeted Phoenix in the usual way.
`Yup,' Phoenix responded.
Electron told Phoenix what happened and gave him the two accounts at
Melbourne University where he had mailed the Zardoz bundle.
Phoenix hung up and rang back a few minutes later. Both accounts were
dead. Someone from Melbourne University had gone in and changed the
passwords within 30 minutes of Electron being booted off the CSIRO
computer. Both hackers were disturbed by the implications of this
event. It meant someone--in fact probably several people--were onto
them. But their desperation to get Zardoz overcame their fear.
Electron had one more account on the CSIRO computer. He didn't want to
give it to Phoenix, but he didn't have a choice. Still, the whole
venture was filled with uncertainty. Who knew if the Zardoz bundle was
still there? Surely an admin who bothered to kick Electron out would
move Zardoz to somewhere inaccessible. There was, however, a single
chance.
When Electron read off the password and username, he told Phoenix to
copy the Zardoz bundle to a few other machines on the Internet instead
of trying to download it to his own computer. It would be much
quicker, and the CSIRO admin wouldn't dare break into someone else's
computers to delete the copied file. Choosing overseas sites would
make it even harder for the admin to reach the admins of those
machines and warn them in time. Then, once Zardoz was safely tucked
away in a few back-up sites, Phoenix could download it over the
Internet from one of those with less risk of being booted off the
machine halfway through the process.
Sitting at his home in Kelvin Grove, Thornbury, just two suburbs north
of the CSIRO machine, Ian Mathieson watched the hacker break into his
computer again. Awoken by a phone call at 2.30 a.m. telling him there
was a suspected hacker in his computer, Mathieson immediately logged
in to his work system, DITMELA, via his home computer and modem. The
call, from David Hornsby of the Melbourne University Computer Science
Department, was no false alarm.
After watching the unknown hacker, who had logged in through a
Melbourne University machine terminal server, for about twenty
minutes, Mathieson booted the hacker off his system. Afterwards he
noticed that the DITMELA computer was still trying to execute a
command issued by the hacker. He looked a little closer, and
discovered DITMELA was trying to deliver mail to two Melbourne
University accounts.
The mail, however, hadn't been completely delivered. It was still
sitting in the mail spool, a temporary holding pen for undelivered
mail. Curious as to what the hacker would want so much from his
system, Mathieson moved the file into a subdirectory to look at it. He
was horrified to find the entire Zardoz archive, and he knew exactly
what it meant. These were no ordinary hackers--they were precision
fliers. Fortunately, Mathieson
consoled himself, he had stopped the mail before it had been sent out
and secured it.
Unfortunately, however, Mathieson had missed Electron's original
file--the bundle of Zardoz copies. When Electron had mailed the file,
he had copied it, leaving the original intact. They were still sitting
on DITMELA under the unassuming name .t. Mailing a file didn't delete
it--the computer only sent a copy of the original. Mathieson was an
intelligent man, a medical doctor with a master's degree in computer
science, but he had forgotten to check the temporary directory, one of
the few places a hacker could store files on a Unix system if he
didn't have root privileges.
At exactly 3.30 a.m. Phoenix logged into DITMELA from the University
of Texas. He quickly looked in the temporary directory. The .t file
was there, just as Electron had said it would be. The hacker quickly
began transferring it back to the University of Texas.
He was feeling good. It looked like the Australians were going to get
the entire Zardoz collection after all. Everything was going extremely
well--until the transfer suddenly died. Phoenix had forgotten to check
that there was enough disk space available on the University of Texas
account to download the sizeable Zardoz bundle. Now, as he was logged
into a very hot machine, a machine where the admin could well be
watching his every move, he discovered there wasn't enough room for
the Zardoz file.
Aware that every second spent on-line to DITMELA posed a serious risk,
Phoenix logged off the CSIRO machine immediately. Still connected to
the Texas computer, he fiddled around with it, deleting other files
and making enough room to pull the whole 500 k Zardoz file across.
At 3.37 a.m. Phoenix entered DITMELA again. This time, he vowed,
nothing would go wrong. He started up the file transfer and waited.
Less than ten minutes later, he logged off the CSIRO computer and
nervously checked the University of Texas system. It was there.
Zardoz, in all its glory. And it was his! Phoenix was ecstatic.
He wasn't done yet and there was no time for complacency. Swiftly, he
began compressing and encrypting Zardoz. He
compressed it because a smaller file was less obvious on the Texas
machine and was faster to send to a back-up machine. He encrypted it
so no-one nosing around the file would be able to see what was in it.
He wasn't just worried about system admins; the Texas system was
riddled with hackers, in part because it was home to his friend,
Legion of Doom hacker Erik Bloodaxe, a
student at the university.
After Phoenix was satisfied Zardoz was safe, he rang Electron just
before 4 a.m. with the good news. By 8.15, Phoenix had downloaded
Zardoz from the Texas computer onto his own machine. By 1.15 p.m.,
Electron had downloaded it from Phoenix's machine to his own.
Zardoz had been a difficult conquest, but Deszip would prove to be
even more so. While dozens of security experts possessed complete
Zardoz archives, far fewer people had Deszip. And, at least
officially, all of them were in the US.
The US government banned the export of cryptography algorithms. To
send a copy of Deszip, or DES or indeed any other encryption program
outside the US was a crime. It was illegal because the US State
Department's Office of Defense Trade Controls considered any
encryption program to be a weapon. ITAR, the International Traffic in
Arms Regulations stemming from the US Arms Export Control Act 1977,
restricted publication of and trad in `defense articles'. It didn't
matter whether you flew to Europe with a disk in your pocket, or you
sent the material over the Internet. If you violated ITAR, you faced
the prospect of prison.
Occasionally, American computer programmers discreetly slipped copies
of encryption programs to specialists in their field outside the US.
Once the program was outside the US, it was fair game--there was
nothing US authorities could do about someone in Norway sending Deszip
to a colleague in Australia. But even so, the comp-sec and
cryptography communities outside the US still held programs such as
Deszip very tightly within their own inner sanctums.
All of which meant that Electron and Phoenix would almost certainly
have to target a site in the US. Electron continued to compile a hit
list, based on the Zardoz mailing list, which he gave to Phoenix. The
two hackers then began searching the growing Internet for computers
belonging to the targets.
It was an impressive hit list. Matthew Bishop, author of Deszip.
Russell Brand, of the Lawrence Livermore National Labs, a research
laboratory funded by the US Department of Energy. Dan Farmer, an
author of the computer program COPS, a popular security-testing
program which included a password cracking program. There were others.
And, at the top of the list, Eugene Spafford, or Spaf, as the hackers
called him.
By 1990, the computer underground viewed Spaf not just as security
guru, but also as an anti-hacker zealot. Spaf was based at Purdue
University, a hotbed of computer security experts. Bishop had earned
his PhD at Purdue and Dan Farmer was still there. Spaf was also one of
the founders of usenet, the Internet newsgroups service. While working
as a computer scientist at the university, he had made a name for
himself by, among other things, writing a technical analysis of the
RTM worm. The worm, authored by Cornell University student Robert T.
Morris Jr in 1988, proved to be a boon for Spaf's career.
Prior to the RTM worm, Spaf had been working in software engineering.
After the worm, he became a computer ethicist and a very public
spokesman for the conservatives in the computer security industry.
Spaf went on tour across the US, lecturing the public and the media on
worms, viruses and the ethics of hacking. During the Morris case,
hacking became a hot topic in the United States, and Spaf fed the
flames. When Judge Howard G. Munson refused to sentence Morris to
prison, instead ordering him to complete 400 hours community service,
pay a $10000 fine and submit to three years probation, Spaf publicly
railed against the decision. The media reported that he had called on
the computer industry to boycott any company which chose to employ
Robert T. Morris Jr.
Targeting Spaf therefore served a dual purpose for the Australian
hackers. He was undoubtedly a repository of treasures such as Deszip,
and he was also a tall poppy.
One night, Electron and Phoenix decided to break into Spaf's machine
at Purdue to steal a copy of Deszip. Phoenix would do the actual
hacking, since he had the fast modem, but he would talk to Electron
simultaneously on the other phone line. Electron would guide him at
each step. That way, when Phoenix hit a snag, he wouldn't have to
retreat to regroup and risk discovery.
Both hackers had managed to break into another computer at Purdue,
called Medusa. But Spaf had a separate machine, Uther, which was
connected to Medusa.
Phoenix poked and prodded at Uther, trying to open a hole wide enough
for him to crawl through. At Electron's suggestion, he tried to use
the CHFN bug. The CHFN command lets users change the information
provided--such as their name, work address or office phone
number--when someone `fingers' their accounts. The bug had appeared in
one of the Zardoz files and Phoenix and Electron had already used it
to break into several other machines.
Electron wanted to use the CHFN bug because, if the attack was
successful, Phoenix would be able to make a root account for himself
on Spaf's machine. That would be the ultimate slap in the face to a
high-profile computer security guru.
But things weren't going well for Phoenix. The frustrated Australian
hacker kept telling Electron that the bug should work, but it
wouldn't, and he couldn't figure out why. The problem, Electron
finally concluded, was that Spaf's machine was a Sequent. The CHFN bug
depended on a particular Unix password file structure, but Sequents
used a different structure. It didn't help that Phoenix didn't know
that much about Sequents--they were one of Gandalf's specialties.
After a few exasperating hours struggling to make the CHFN bug work,
Phoenix gave up and turned to another security flaw suggested by
Electron: the FTP bug. Phoenix ran through the bug in his mind.
Normally, someone used FTP, or file transfer protocol, to transfer
files over a network, such as the Internet, from one computer to
another. FTPing to another machine was a bit like telnetting, but the
user didn't need a password to login and the commands he could execute
once in the other computer were usually very limited.
If it worked, the FTP bug would allow Phoenix to slip in an extra
command during the FTP login process. That command would force Spaf's
machine to allow Phoenix to login as anyone he wanted--and what he
wanted was to login as someone who had root privileges. The `root'
account might be a little obvious
if anyone was watching, and it didn't always have remote
access anyway. So he chose `daemon', another commonly root-privileged
account, instead.
It was a shot in the dark. Phoenix was fairly sure Spaf would have
secured his machine against such an obvious attack, but Electron urged
him to give it a try anyway. The FTP bug had been announced throughout
the computer security community long ago, appearing in an early issue
of Zardoz. Phoenix hesitated, but he had run out of ideas, and time.
Phoenix typed:
FTP -i uther.purdue.edu
quote user anonymous
quote cd ~daemon
quote pass anything
The few seconds it took for his commands to course from his suburban
home in Melbourne and race deep into the Midwest felt like a lifetime.
He wanted Spaf's machine, wanted Deszip, and wanted this attack to
work. If he could just get Deszip, he felt the Australians would be
unstoppable.
Spaf's machine opened its door as politely as a doorman at the Ritz
Carlton. Phoenix smiled at his computer. He was in.
It was like being in Aladdin's cave. Phoenix just sat there, stunned
at the bounty which lay before him. It was his, all his. Spaf had
megabytes of security files in his directories. Source code for the
RTM Internet worm. Source code for the WANK worm. Everything. Phoenix
wanted to plunge his hands in each treasure chest and scoop out greedy
handfuls, but he resisted the urge. He had a more important--a more
strategic--mission to accomplish first.
He prowled through the directories, hunting everywhere for Deszip.
Like a burglar scouring the house for the family silver, he pawed
through directory after directory. Surely, Spaf had to have Deszip. If
anyone besides Matthew Bishop was going to have a copy, he would. And
finally, there it was. Deszip. Just waiting for Phoenix.
Then Phoenix noticed something else. Another file. Curiosity got the
better of him and he zoomed in to have a quick look. This one
contained a passphrase--the passphrase. The phrase the Australians
needed to decrypt the original copy of Deszip they had stolen from the
Bear computer at Dartmouth three months earlier. Phoenix couldn't
believe the passphrase. It was so simple, so obvious. But he caught
himself. This was no time to cry over spilled milk. He had to get
Deszip out of the machine quickly, before anyone noticed he was there.
But as Phoenix began typing in commands, his screen appeared to freeze
up. He checked. It wasn't his computer. Something was wrong at the
other end. He was still logged into Spaf's machine. The connection
hadn't been killed. But when he typed commands, the computer in West
Lafayette, Indiana, didn't respond. Spaf's machine just sat there,
deaf and dumb.
Phoenix stared at his computer, trying to figure out what was
happening. Why wouldn't Spaf's machine answer? There were two
possibilities. Either the network--the connection between the first
machine he penetrated at Purdue and Spaf's own machine--had gone down
accidentally. Or someone had pulled the plug.
Why pull the plug? If they knew he was in there, why not just kick him
out of the machine? Better still, why not kick him out of Purdue all
together? Maybe they wanted to keep him on-line to trace which machine
he was coming from, eventually winding backwards from system to
system, following his trail.
Phoenix was in a dilemma. If the connection had crashed by accident,
he wanted to stay put and wait for the network to come back up again.
The FTP hole in Spaf's machine was an incredible piece of luck.
Chances were that someone would find
evidence of his break-in after he left and plug it. On the
other hand, he didn't want the people at Purdue tracing his
connections.
He waited a few more minutes, trying to hedge his bets. Feeling nervy
as the extended silence emanating from Spaf's machine wore on, Phoenix
decided to jump. With the lost treasures of Aladdin's cave fading in
his mind's eye like a mirage, Phoenix killed his connection.
Electron and Phoenix talked on the phone, moodily contemplating their
losses. It was a blow, but Electron reminded himself that getting
Deszip was never going to be easy. At least they had the passphrase to
unlock the encrypted Deszip taken from Dartmouth.
Soon, however, they discovered a problem. There had to be one,
Electron thought. They couldn't just have something go off without a
hitch for a change. That would be too easy. The problem this time was
that when they went searching for their copy from Dartmouth, which had
been stored several months before, it had vanished. The Dartmouth
system admin must have deleted it.
It was maddening. The frustration was unbearable. Each time they had
Deszip just within their grasp, it slipped away and
disappeared. Yet each time they lost their grip, it only deepened
their desire to capture the elusive prize. Deszip was fast becoming an
all-consuming obsession for Phoenix and Electron.
Their one last hope was the second copy of the encrypted Dartmouth
Deszip file they had given to Gandalf, but that hope did not burn
brightly. After all, if the Australians' copy had been deleted, there
was every likelihood that the Brit's copy had suffered the same fate.
Gandalf's copy hadn't been stored on his own computer. He had put it
on some dark corner of a machine in Britain.
Electron and Phoenix logged onto Altos and waited for Pad or Gandalf
to show up.
Phoenix typed .s for a list of who was on-line. He saw that Pad was
logged on:
No Chan User
0 Guest
1 Phoenix
2 Pad
Guest 0 was Electron. He usually logged on as Guest, partly because he
was so paranoid about being busted and because he believed operators
monitored his connections if they knew it was Electron logging in.
They seemed to take great joy in sniffing the password to his own
account on Altos. Then, when he had logged off, they logged in and
changed his password so he couldn't get back under the name Electron.
Nothing was more annoying. Phoenix typed, `Hey, Pad. How's it going?'
Pad wrote back, `Feeny! Heya.'
`Do you and Gand still have that encrypted copy of Deszip we gave you
a few months ago?'
`Encrypted copy ... hmm. Thinking.' Pad paused. He and Gandalf hacked
dozens of computer systems regularly. Sometimes it was difficult to
recall just where they had stored things.
`Yeah, I know what you mean. I don't know. It was on a system on
JANET,' Pad said. Britain's Joint Academic Network was the equivalent
of Australia's AARNET, an early Internet based largely on a backbone
of universities and research centres.
`I can't remember which system it was on,' Pad continued.
If the Brits couldn't recall the institution, let alone the machine
where they had hidden Deszip, it was time to give up
all hope. JANET comprised hundreds, maybe thousands, of machines. It
was far too big a place to randomly hunt around for a file which
Gandalf would no doubt have tried to disguise in the first place.
`But the file was encrypted, and you didn't have the password,' Pad
wrote. `How come you want it?'
`Because we found the password. <smile>' That was the
etiquette on Altos. If you wanted to suggest an action, you put it in
< >.
`Gr8!' Pad answered.
That was Pad and Gandalf's on-line style. The number eight was the
British hackers' hallmark, since their group was called 8lgm, and they
used it instead of letters. Words like `great', `mate' and `later'
became `gr8', `m8' and `l8r'.
When people logged into Altos they could name a `place' of origin for
others to see. Of course, if you were logging from a country which had
laws against hacking, you wouldn't give your real country. You'd just
pick a place at random. Some people logged in from places like
Argentina, or Israel. Pad and Gandalf logged in from 8lgm.
`I'll try to find Gandalf and ask him if he knows where we stashed the
copy,' Pad wrote to Phoenix.
`Good. Thanks.'
While Phoenix and Electron waited on-line for Pad to return, Par
showed up on-line and joined their conversation. Par didn't know who
Guest 0 was, but Guest certainly knew who Par was. Time hadn't healed
Electron's old wounds when it came to Par. Electron didn't really
admit to himself the bad blood was still there over Theorem. He told
himself that he couldn't be bothered with Par, that Par was just a
phreaker, not a real hacker, that Par was lame.
Phoenix typed, `Hey, Par. How's it going?'
`Feenster!' Par replied. `What's happening?'
`Lots and lots.'
Par turned his attention to the mystery Guest 0. He didn't want to
discuss private things with someone who might be a security guy
hanging around the chat channel like a bad smell.
`Guest, do you have a name?' Par asked.
`Yeah. It's "Guest--#0".'
`You got any other names?'
There was a long pause.
Electron typed, `I guess not.'
`Any other names besides dickhead that is?'
Electron sent a `whisper'--a private message--to Phoenix telling him
not to tell Par his identity.
`OK. Sure,' Phoenix whispered back. To show he would play along with
whatever Electron had in mind, Phoenix added a sideways smiley face at
the end: `:-)'.
Par didn't know Electron and Phoenix were whispering to each other. He
was still waiting to find out the identity of Guest. `Well, speak up,
Guest. Figured out who you are yet?'
Electron knew Par was on the run at the time. Indeed, Par had been on
the run from the US Secret Service for more than six months by the
beginning of 1990. He also knew Par was highly paranoid.
Electron took aim and fired.
`Hey, Par. You should eat more. You're looking underFED these days.'
Par was suddenly silent. Electron sat at his computer, quietly
laughing to himself, halfway across the world from Par. Well, he
thought, that ought to freak out Par a bit. Nothing like a subtle hint
at law enforcement to drive him nuts.
`Did you see THAT?' Par whispered to Phoenix. `UnderFED. What did he
mean?'
`I dunno,' Phoenix whispered back. Then he forwarded a copy of Par's
private message on to Electron. He knew it would make him laugh.
Par was clearly worried. `Who the fuck are you?' he whispered to
Electron but Guest 0 didn't answer.
With growing anxiety, Par whispered to Phoenix, `Who IS this guy? Do
you know him?'
Phoenix didn't answer.
`Because, well, it's weird. Didn't you see? FED was in caps. What the
fuck does that mean? Is he a fed? Is he trying to give me a message
from the feds?'
Sitting at his terminal, on the other side of Melbourne from Electron,
Phoenix was also laughing. He liked Par, but the American was an easy
target. Par had become so paranoid since he went on the run across the
US, and Electron knew just the right buttons to push.
`I don't know,' Phoenix whispered to Par. `I'm sure he's not really a
fed.'
`Well, I am wondering about that comment,' Par whispered back.
`UnderFED. Hmm. Maybe he knows something. Maybe it's some kind of
warning. Shit, maybe the Secret Service knows where I am.'
`You think?' Phoenix whispered to Par. `It might be a warning of some
kind?' It was too funny.
`Can you check his originating NUA?' Par wanted to know what network
address the mystery guest was coming from. It might give him a clue as
to the stranger's identity.
Phoenix could barely contain himself. He kept forwarding the private
messages on to Electron. Par was clearly becoming more agitated.
`I wish he would just tell me WHO he was,' Par whispered. `Shit. It is
very fucking weird. UnderFED. It's spinning me out.'
Then Par logged off.
Electron typed, `I guess Par had to go. <Grin>' Then, chuckling to
himself, he waited for news on Gandalf's Deszip copy.
If Pad and Gandalf hadn't kept their copy of Deszip, the Australians
would be back to square one, beginning with a hunt for a system which
even had Deszip. It was a daunting task and by the time Pad and
Gandalf finally logged back into Altos, Phoenix and Electron had
become quite anxious.
`How did you go?' Phoenix asked. `Do you still have Deszip?'
`Well, at first I thought I had forgotten which system I left it on
...'
Electron jumped in, `And then?'
`Then I remembered.'
`Good news?' Phoenix exclaimed.
`Well, no. Not exactly,' Gandalf said. `The account is dead.'
Electron felt like someone had thrown a bucket of cold water on him.
`Dead? Dead how?' he asked.
`Dead like someone changed the password. Not sure why. I'll have to
re-hack the system to get to the file.'
`Fuck, this Deszip is frustrating,' Electron wrote.
`This is getting ridiculous,' Phoenix added.
`I don't even know if the copy is still in there,' Gandalf replied. `I
hid it, but who knows? Been a few months. Admins might have deleted
it.'
`You want some help hacking the system again, Gand?' Phoenix asked.
`Nah, It'll be easy. It's a Sequent. Just have to hang around until
the ops go home.'
If an op was logged on and saw Gandalf hunting around, he or she might
kick Gandalf off and investigate the file which so interested the
hacker. Then they would lose Deszip all over again.
`I hope we get it,' Pad chipped in. `Would be gr8!'
`Gr8 indeed. Feen, you've got the key to the encryption?' Gandalf
asked.
`Yeah.'
`How many characters is it?' It was Gandalf's subtle way of asking for
the key itself.
Phoenix wasn't sure what to do. He wanted to give the British hackers
the key, but he was torn. He needed Pad and Gandalf's help to get the
copy of Deszip, if it was still around. But he knew Electron was
watching the conversation, and Electron was always so paranoid. He
disliked giving out any information, let alone giving it over Altos,
where the conversations were possibly logged by security people.
`Should I give him the key?' Phoenix whispered to Electron.
Gandalf was waiting. To fend him off, Phoenix said, `It's 9 chars.'
Chars was short for characters. On Altos the rule was to abbreviate
where ever possible.
`What is the first char?'
`Yeah. Tell him,' Electron whispered to Phoenix.
`Well, the key is ...'
`You're going to spew when you find out, Gand,' Electron interrupted.
`Yes ... go on,' Gandalf said. `I am listening.'
`You won't believe it. <spew spew spew> The key is ... Dartmouth.'
`WHAT???? WHAT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!' Gandalf exclaimed.
`No!!! IT's NOT TRUE! Bollox! You are KIDDING?'
The British hacker was thumping himself on the head. The name of the
frigging university! What a stupid password!
Phoenix gave an on-line chuckle. `Hehe. Yeah. So hard to guess. We
could have had Deszip for all these months ...'
`Jesus. I hope it's still on that JANET system,' Gandalf said. Now
that he actually had the password, finding the file became even more
urgent.
`Pray. Pray. Pray,' Phoenix said. `Yeah, you should have seen the
licence text on Deszip--it was by NASA.'
`You've seen it? You saw Deszip's source code?'
`No,' Phoenix answered. `When I went back to the BEAR machine to check
if Deszip was still there, the program was gone. But the licence
agreement and other stuff was there. Should have read the licence ...
truly amazing. It basically went on and on about how the people who
wrote it didn't want people like us to get a hold of it. Hehe.'
Electron was growing impatient. `Yeah. So, Gand, when you gonna go
check that JANET system?'
`Now. Fingers crossed, m8! See ya l8r ...' Then he was gone.
The waiting was driving Electron nuts. He kept thinking about Deszip,
about how he could have had it months and months ago. That program was
such a prize. He was salivating at the thought of getting it after all
this time pursuing it around the globe, chasing its trail from system
to system, never quite getting close enough to grab it.
When Gandalf showed up again, Pad, Phoenix and Electron were all over
him in an instant.
`WE FUCKING GOT IT GUYS!!!!!' Gandalf exclaimed.
`Good job m8!' Pad said.
`YES!' Electron added. `Have you decrypted it yet?'
`Not yet. Crypt isn't on that machine. We can either copy Crypt onto
that machine or copy the file onto another computer which already has
Crypt on it,' Gandalf said.
`Let's move it. Quick ... quick ... this damn thing has a habit of
disappearing,' Electron said.
`Yeah, this is the last copy ... the only one I got.'
`OK. Think ... think ... where can we copy it to?' Electron said.
`Texas!' Gandalf wanted to copy it to a computer at the University of
Texas at Austin, home of the LOD hacker Erik Bloodaxe.
Irrepressible, Gandalf came on like a steam roller if he liked
you--and cut you down in a flash if he didn't. His rough-and-tumble
working-class humour particularly appealed to Electron. Gandalf seemed
able to zero in on the things which worried you most--something so
deep or serious it was often unsaid. Then he would blurt it out in
such crass, blunt terms you couldn't help laughing. It was his way of
being in your face in the friendliest possible manner.
`Yeah! Blame everything on Erik!' Phoenix joked. `No, seriously. That
place is crawling with security now, all after Erik. They are into
everything.'
Phoenix had heard all about the security purge at the university from
Erik. The Australian called Erik all the time, mostly by charging the
calls to stolen AT&T cards. Erik hadn't been raided by the Secret
Service yet, but he had been tipped off and was expecting a visit any
day.
`It probably won't decrypt anyway,' Electron said.
`Oh, phuck off!' Gandalf shot back. `Come on! I need a site NOW!'
`Thinking ...' Phoenix said. `Gotta be some place with room--how big
is it?'
`It's 900 k compressed--probably 3 meg when we uncompress it. Come on,
hurry up! How about a university?'
`Princeton, Yale could do either of those.' Electron suggested. `What
about MIT--you hacked an account there recently, Gand?'
`No.'
All four hackers racked their minds for a safe haven. The world was
their oyster, as British and Australian hackers held a real-time
conversation in Germany about whether to hide their treasure in
Austin, Texas; Princeton, New Jersey; Boston, Massachusetts; or New
Haven, Connecticut.
`We only need somewhere to stash it for a little while, until we can
download it,' Gandalf said. `Got to be some machine where we've got
root. And it's got to have anon FTP.'
Anon FTP, or anonymous file transfer protocol, on a host machine would
allow Gandalf to shoot the file from his JANET machine across the
Internet into the host. Most importantly, Gandalf could do so without
an account on the target machine. He could simply login as
`anonymous', a method of access which had more limitations than simply
logging in with a normal account. He would, however, still be able to
upload the file.
`OK. OK, I have an idea,' Phoenix said. `Lemme go check
it out.'
Phoenix dropped out of Altos and connected to the University of Texas.
The physical location of a site didn't matter. His head was spinning
and it was the only place he could think of. But he didn't try to
connect to Happy, the machine he often used which Erik had told him
about. He headed to one of the other university computers, called
Walt.
The network was overloaded. Phoenix was left dangling, waiting to
connect for minutes on end. The lines were congested. He logged back
into Altos and told Pad and Electron. Gandalf was nowhere to be seen.
`Damn,' Electron said. Then, `OK, I might have an idea.'
`No, wait!' Phoenix cut in. `I just thought of a site! And I have root
too! But it's on NASA ...'
`Oh that's OK. I'm sure they won't mind a bit. <grin>'
`I'll go make sure it's still OK. Back in a bit,' Phoenix typed.
Phoenix jumped out of Altos and headed toward NASA. He telnetted into
a NASA computer called CSAB at the Langley Research Center in Hampton,
Virginia. He had been in and out of NASA quite a few times and had
recently made himself a root account on CSAB. First, he had to check
the account was still alive, then he had to make sure the system
administrator wasn't logged in.
Whizzing past the official warning sign about unauthorised access in
US government computers on the login screen, Phoenix typed in his user
name and password.
It worked. He was in. And he had root privileges.
He quickly looked around on the system. The administrator was on-line.
Damn.
Phoenix fled the NASA computer and sprinted back into Altos. Gandalf
was there, along with the other two, waiting for him.
`Well?' Electron asked.
`OK. All right. The NASA machine will work. It has anon FTP. And I
still have root. We'll use that.'
Gandalf jumped in. `Hang on--does it have Crypt?'
`Argh! Forget to check. I think it must.'
`Better check it, m8!'
`Yeah, OK.'
Phoenix felt exasperated, rushing around trying to find sites that
worked. He logged out of Altos and coursed his way back into the NASA
machine. The admin was still logged on, but Phoenix was running out of
time. He had to find out if the computer had Crypt on it. It did.
Phoenix rushed back to Altos. `Back again. We're in business.'
`Yes!' Electron said, but he quickly jumped in with a word of warning.
`Don't say the exact machine at NASA or the account out loud. Whisper
it to Gandalf. I think the ops are listening in on my connection.'
`Well,' Phoenix typed slowly, `there's only one problem. The admin is
logged on.'
`Arghhh!' Electron shouted.
`Just do it,' Pad said. `No time to worry.'
Phoenix whispered the Internet IP address of the NASA machine to
Gandalf.
`OK, m8, I'll anon FTP it to NASA. I'll come back here and tell you
the new filename. Then you go in and decrypt it and uncompress the
file. W8 for me here.'
Ten minutes later, Gandalf returned. `Mission accomplished. The file
is there!'
`Now, go go Pheeny!' Electron said.
`Gand, whisper the filename to me,' Phoenix said.
`The file's called "d" and it's in the pub directory,' Gandalf
whispered.
`OK, folks. Here we go!' Phoenix said as he logged off.
Phoenix dashed to the NASA computer, logged in and looked for the file
named `d'. He couldn't find it. He couldn't even find the pub
directory. He began hunting around the rest of the file system. Where
was the damn thing?
Uh oh. Phoenix noticed the system administrator, Sharon Beskenis, was
still logged in. She was connected from Phoebe, another NASA machine.
There was only one other user besides himself logged into the CSAB
machine, someone called Carrie. As if that wasn't bad enough, Phoenix
realised his username stood out a like a sore thumb. If the admin
looked at who was on-line she would see herself, Carrie and a user
called `friend', an account he had created for himself. How many
legitimate accounts on NASA computers had that name?
Worse, Phoenix noticed that he had forgotten to cover his login trail.
`Friend' was telnetting into the NASA computer from the University of
Texas. No, no, he thought, that would definitely have to go. He
disconnected from NASA, bounced back to the university and then logged
in to NASA again. Good grief. Now the damn NASA machine showed two
people logged in as `friend'. The computer hadn't properly killed his
previous login. Stress.
Phoenix tried frantically to clear out his first login by killing its
process number. The NASA computer responded that there was no such
process number. Increasingly nervous, Phoenix figured he must have
typed in the wrong number. Unhinged, he grabbed one of the other
process numbers and killed that.
Christ! That was the admin's process number. Phoenix had just
disconnected Sharon from her own machine. Things were not going well.
Now he was under serious pressure. He didn't dare logout, because
Sharon would no doubt find his `friend' account, kill it and close up
the security hole he had originally used to get in. Even if she didn't
find Deszip on her own machine, he might not be able to get back in
again to retrieve it.
After another frenzied minute hunting around the machine, Phoenix
finally unearthed Gandalf's copy of Deszip. Now, the moment of truth.
He tried the passphrase. It worked! All he had to do
was uncompress Deszip and get it out of there. He typed, `uncompress
deszip.tar.z', but he didn't like how the NASA computer answered his
command:
corrupt input
Something was wrong, terribly wrong. The file appeared to be partially
destroyed. It was too painful a possibility to contemplate. Even if
only a small part of the main Deszip program had been damaged, none of
it would be useable.
Rubbing sweat from his palms, Phoenix hoped that maybe the file had
just been damaged as he attempted to uncompress it. He had kept the
original, so he went back to that and tried decrypting and
uncompressing it again. The NASA computer gave him the same ugly
response. Urgently, he tried yet again, but this time attempted to
uncompress the file in a different way. Same problem.
Phoenix was at his wits' end. This was too much. The most he could
hope was that the file had somehow become corrupted in the transfer
from Gandalf's JANET machine. He logged out of NASA and returned to
Altos. The other three were waiting impatiently for him.
Electron, still logged in as the mystery Guest, leaped in. `Did it
work?'
`No. Decrypted OK, but the file was corrupted when I tried to
decompress it.'
`Arghhhhhhhhh!!!!!!!' Gandalf exclaimed.
`Fuckfuckfuck,' Electron wrote. `Doomed to fail.'
`Sigh Sigh Sigh,' Pad typed.
Gandalf and Electron quizzed Phoenix in detail about each command he
had used, but in the end there seemed only one hope. Move a copy of
the decryption program to the JANET computer in the UK and try
decrypting and uncompressing Deszip there.
Phoenix gave Gandalf a copy of Crypt and the British hacker went to
work on the JANET computer. A little later he rendezvoused on Altos
again.
Phoenix was beside himself by this stage. `Gand! Work???'
`Well, I decrypted it using the program you gave me ...'
`And And And???' Electron was practically jumping out of his seat at
his computer.
`Tried to uncompress it. It was taking a LONG time. Kept
going--expanded to 8 megabytes.'
`Oh NO. Bad Bad Bad,' Phoenix moaned. `Should only be 3 meg. If it's
making a million files, it's fucked.'
`Christ,' Pad typed. `Too painful.'
`I got the makefile--licensing agreement text etc., but the Deszip
program itself was corrupted,' Gandalf concluded.
`I don't understand what is wrong with it. <Sob>' Phoenix wrote.
`AgonyAgonyAgony,' Electron groaned. `It'll never never never work.'
`Can we get a copy anywhere else?' Gandalf asked.
`That FTP bug has been fixed at Purdue,' Pad answered. `Can't use that
to get in again.'
Disappointment permeated the atmosphere on Altos.
There were, of course, other possible repositories for Deszip. Phoenix
and Electron had already penetrated a computer at Lawrence Livermore
National Labs in California. They had procured root on the gamm5
machine and planned to use it as a launchpad for penetrating security
expert Russell Brand's computer at LLNL, called Wuthel. They were sure
Brand had Deszip on his computer.
It would require a good deal of effort, and possibly another
roller-coaster ride of desire, expectation and possible
disappointment. For now, the four hackers resolved to sign off,
licking their wounds at their defeat in the quest for Deszip.
`Well, I'm off. See you l8r,' Pad said.
`Yeah, me too,' Electron added.
`Yeah, OK. L8r, m8s!' Gandalf said.
Then, just for fun, he added in typical Gandalf style, `See you in
jail!'
Chapter 6 -- Page 1 The New York Times.
Read about it; Just another incredible scene; There's no doubt about it.
-- from `Read About It', 10, 9, 8, 7, 6, 5, 4, 3, 2, 1.
Pad had an important warning for the Australian hackers: the computer
security community was closing in on them. It was the end of February
1990, not long after Phoenix and Electron had captured Zardoz and just
missed out on Deszip. Pad didn't scream or shout the warning, that
wasn't his style. But Electron took in the import of the warning loud
and clear.
`Feen, they know you did over Spaf's machine,' Pad told Phoenix. `They
know it's been you in other systems also. They've got your handle.'
Eugene Spafford was the kind of computer security expert who loses a
lot of face when a hacker gets into his machine, and a wounded bull is
a dangerous enemy.
The security people had been able to connect and link up a series of
break-ins with the hacker who called himself Phoenix because his style
was so distinctive. For example, whenever he was creating a root
shell--root access--for himself, he would always save it in the same
filename and in the same location on the
computer. In some instances, he even created accounts called `Phoenix'
for himself. It was this consistency of style which had made things so
much easier for admins to trace his movements.
In his typical understated fashion, Pad suggested a change of style.
And maybe, he added, it wasn't such a bad idea for the Australians to
tone down their activities a bit. The undercurrent of the message was
serious.
`They said that some security people had contacted Australian law
enforcement, who were supposed to be "dealing with it",' Pad said.
`Do they know my real name?' Phoenix asked, worried. Electron was also
watching this conversation with some concern.
`Don't know. Got it from Shatter. He's not always reliable,
but ...'
Pad was trying to soften the news by playing down Shatter's importance
as a source. He didn't trust his fellow British hacker but Shatter had
some good, if mysterious, connections. An enigmatic figure who seemed
to keep one foot in the computer underworld and the other in the
upright computer security industry, Shatter leaked information to Pad
and Gandalf, and occasionally to the Australians.
While the two British hackers sometimes discounted Shatter's advice,
they also took the time to talk to him. Once, Electron had intercepted
email showing Pengo had turned to Shatter for advice about his
situation after the raid in Germany. With some spare time prior to his
trial, Pengo asked Shatter whether it was safe to travel to the US on
a summer holiday in 1989. Shatter asked for Pengo's birthdate and
other details. Then he returned with an unequivocal answer: Under no
circumstances was Pengo to travel to the US.
Subsequently, it was reported that officials in the US Justice
Department had been examining ways to secretly coax Pengo onto
American soil, where they could seize him. They would then force him
to face trial in their own courts.
Had Shatter known this? Or had he just told Pengo not to go to the US
because it was good commonsense? No-one was quite sure, but people
took note of what Shatter told them.
`Shatter definitely got the info right about Spaf's machine. 100%
right,' Pad continued. `He knew exactly how you hacked it. I couldn't
believe it. Be careful if you're still hacking m8, especially on the
Inet.' The `Inet' was shorthand for the Internet.
The Altos hackers went quiet.
`It's not just you,' Pad tried to reassure the Australians. `Two
security people from the US are coming to the UK to try and find out
something about someone named Gandalf. Oh, and Gand's mate, who might
be called Patrick.'
Pad had indeed based his handle on the name Patrick, or Paddy, but
that wasn't his real name. No intelligent hacker would use his real
name for his handle. Paddy was the name of one of his favourite
university lecturers, an Irishman who laughed a good deal. Like Par's
name, Pad's handle had coincidentally echoed a second meaning when the
British hacker moved into exploring X.25 networks. An X.25 PAD is a
packet assembler disassembler, the interface between the X.25 network
and a modem or terminal server. Similarly, Gandalf, while being first
and foremost the wizard from The Lord of The Rings, also happened to
be a terminal server brand name.
Despite the gravity of the news that the security community was
closing the net around them, none of the hackers lost their wicked
sense of humour.
`You know,' Pad went on, `Spaf was out of the country when his machine
got hacked.'
`Was he? Where?' asked Gandalf, who had just joined the conversation.
`In Europe.'
Electron couldn't resist. `Where was Spaf, Gandalf asks as he hears a
knock on his door ...'
`Haha,' Gandalf laughed.
`<knock> <knock>' Electron went on, hamming it up.
`Oh! Hello there, Mr Spafford,' Gandalf typed, playing along.
`Hello, I'm Gene and I'm mean!'
Alone in their separate homes on different corners of the globe, the
four hackers chuckled to themselves.
`Hello, and is this the man called Patrick?' Pad jumped in.
`Well, Mr Spafford, it seems you're a right fucking idiot for not
patching your FTP!' Gandalf proclaimed.
`Not to mention the CHFN bug--saved by a Sequent! Or you'd be very
fucking embarrassed,' Phoenix added.
Phoenix was laughing too, but he was a little nervous about Pad's
warning and he turned the conversation back to a serious note.
`So, Pad, what else did Shatter tell you?' Phoenix asked
anxiously.
`Not much. Except that some of the security investigations might be
partly because of UCB.'
UCB was the University of California at Berkeley. Phoenix had been
visiting machines at both Berkeley and LLNL so much recently that the
admins seemed to have not only noticed him, but they had pinpointed
his handle. One day he had telnetted into dewey.soe.berkeley.edu--the
Dewey machine as it was known--and had been startled to find the
following message of the day staring him in the face:
Phoenix,
Get out of Dewey NOW!
Also, do not use any of the `soe' machines.
Thank you,
Daniel Berger
Phoenix did a double take when he saw this public warning. Having been
in and out of the system so many times, he just zoomed past the words
on the login screen. Then, in a delayed reaction, he realised the
login message was addressed to him.
Ignoring the warning, he proceeded to get root on the Berkeley machine
and look through Berger's files. Then he sat back, thinking about the
best way to deal with the problem. Finally, he decided to send the
admin a note saying he was leaving the system for good.
Within days, Phoenix was back in the Dewey machine, weaving in and out
of it as if nothing had happened. After all, he had broken into the
system, and managed to get root through his own wit. He had earned the
right to be in the computer. He might send the admin a note to put him
at ease, but Phoenix wasn't going to give up accessing Berkeley's
computers just because it upset Daniel Berger.
`See,' Pad continued, `I think the UCB people kept stuff on their
systems that wasn't supposed to be there. Secret things.'
Classified military material wasn't supposed to be stored
on non-classified network computers. However, Pad guessed that
sometimes researchers broke rules and took short cuts because they
were busy thinking about their research and not the security
implications.
`Some of the stuff might have been illegal,' Pad told his captive
audience. `And then they find out some of you guys have been in there
...'
`Shit,' Phoenix said.
`So, well, if it APPEARED like someone was inside trying to get at
those secrets ...' Pad paused. `Then you can guess what happened. It
seems they really want to get whoever was inside their machines.'
There was momentary silence while the other hackers digested all that
Pad had told them. As a personality on Altos, Pad remained ever so
slightly withdrawn from the other hackers, even the Australians whom
he considered mates. This reserved quality gave his warning a certain
sobriety, which seeped into the very fabric of Altos that day.
Eventually, Electron responded to Pad's warning by typing a comment
directed at Phoenix: `I told you talking to security guys is nothing
but trouble.'
It irritated Electron more and more that Phoenix felt compelled to
talk to white hats in the security industry. In Electron's view,
drawing attention to yourself was just a bad idea all around and he
was increasingly annoyed at watching Phoenix feed his ego. He had made
veiled references to Phoenix's bragging on Altos many times, saying
things like `I wish people wouldn't talk to security guys'.
Phoenix responded to Electron on-line somewhat piously. `Well, I will
never talk to security guys seriously again.'
Electron had heard it all before. It was like listening to an
alcoholic swear he would never touch another drink. Bidding the others
goodbye, Electron logged off. He didn't care to listen to Phoenix any
more.
Others did, however. Hundreds of kilometres away, in a special room
secreted away inside a bland building in Canberra, Sergeant Michael
Costello and Constable William Apro had been methodically capturing
each and every electronic boast as it poured from Phoenix's phone. The
two officers recorded the data transmissions passing in and out of his
computer. They then played this recording into their own modem and
computer and created a text file they could save and use as evidence
in court.
Both police officers had travelled north from Melbourne, where they
worked with the AFP's Computer Crime Unit. Settling into their
temporary desks with their PC and laptop, the officers began their
secret eavesdropping work on 1 February 1990.
It was the first time the AFP had done a datatap. They were happy to
bide their time, to methodically record Phoenix hacking into Berkeley,
into Texas, into NASA, into a dozen computers around the world. The
phone tap warrant was good for 60 days, which was more than enough
time to secrete away a mountain of damning evidence against the
egotistical Realm hacker. Time was on their side.
The officers worked the Operation Dabble job in shifts. Constable Apro
arrived at the Telecommunications Intelligence Branch of the AFP at 8
p.m. Precisely ten hours later, at 6 the next morning, Sergeant
Costello relieved Apro, who knocked off for a good sleep. Apro
returned again at 8 p.m. to begin the night shift.
They were there all the time. Twenty-four hours a day. Seven days a
week. Waiting and listening.
It was too funny. Erik Bloodaxe in Austin, Texas, couldn't stop
laughing. In Melbourne, Phoenix's side hurt from laughing so much.
Phoenix loved to talk on the phone. He often called Erik, sometimes
every day, and they spoke for ages. Phoenix didn't worry about cost;
he wasn't paying for it. The call would appear on some poor sod's bill
and he could sort it out with the phone company.
Sometimes Erik worried a little about whether Phoenix wasn't going to
get himself in a jam making all these international calls. Not that he
didn't like talking to the Australian; it was a hoot. Still, the
concern sat there, unsettled, in the back of his mind. A few times he
asked Phoenix about it.
`No prob. Hey, AT&T isn't an Australian company,' Phoenix would say.
`They can't do anything to me.' And Erik had let it rest at that.
For his part, Erik didn't dare call Phoenix, especially not since his
little visit from the US Secret Service. On 1 March 1990, they burst
into his home, with guns drawn, in a dawn raid. The agents searched
everywhere, tearing the student house apart, but they didn't find
anything incriminating. They did take Erik's $59 keyboard terminal
with its chintzy little 300 baud modem, but they didn't get his main
computer, because Erik knew they were coming.
The Secret Service had subpoenaed his academic records, and Erik had
heard about it before the raid. So when the Secret Service arrived,
Erik's stuff just wasn't there. It hadn't been there for a few weeks,
but for Erik, they had been hard weeks. The hacker found himself
suffering withdrawal symptoms, so he bought the cheapest home computer
and modem he could find to tide him over.
That equipment was the only computer gear the Secret Service
discovered, and they were not happy special agents. But without
evidence, their hands were tied. No charges were laid.
Still, Erik thought he was probably being watched. The last thing he
wanted was for Phoenix's number to appear on his home phone bill. So
he let Phoenix call him, which the Australian did all the time. They
often talked for hours when Erik was working nights. It was a slack
job, just changing the back-up tapes on various computers and making
sure they didn't jam. Perfect for a student. It left Erik hours of
free time.
Erik frequently reminded Phoenix that his phone was probably tapped,
but Phoenix just laughed. `Yeah, well don't worry about it, mate. What
are they going to do? Come and get me?'
After Erik put a hold on his own hacking activities, he lived
vicariously, listening to Phoenix's exploits. The Australian called
him with a technical problem or an interesting system, and then they
discussed various strategies for getting into the machine. However,
unlike Electron's talks with Phoenix, conversations with Erik weren't
only about hacking. They chatted about life, about what Australia was
like, about girls, about what was in the newspaper that day. It was
easy to talk to Erik. He had a big ego, like most hackers, but it was
inoffensive, largely couched in his self-effacing humour.
Phoenix often made Erik laugh. Like the time he got Clifford Stoll, an
astronomer, who wrote The Cuckoo's Egg. The book described his pursuit
of a German hacker who had broken into the computer system Stoll
managed at Lawrence Berkeley Labs near San Francisco. The hacker had
been part of the same hacking ring as Pengo. Stoll took a hard line on
hacking, a position which did not win him popularity in the
underground. Both Phoenix and Erik had read Stoll's book, and one day
they were sitting around chatting about it.
`You know, it's really stupid that Cliffy put his email address in his
book,' Phoenix said. `Hmm, why don't I go check?'
Sure enough, Phoenix called Erik back about a day later. `Well, I got
root on Cliffy's machine,' he began slowly, then he burst out
laughing. `And I changed the message of the day. Now it reads, "It
looks like the Cuckoo's got egg on his face"!'
It was uproariously funny. Stoll, the most famous hacker-catcher in
the world, had been japed! It was the funniest thing Erik had heard in
weeks.
But it was not nearly so amusing as what Erik told Phoenix later about
the New York Times. The paper had published an article on 19 March
suggesting a hacker had written some sort of virus or worm which was
breaking into dozens of computers.
`Listen to this,' Erik had said, reading Phoenix the lead paragraph,
`"A computer intruder has written a program that has entered dozens of
computers in a nationwide network in recent weeks, automatically
stealing electronic documents containing users' passwords and erasing
files to help conceal itself."'
Phoenix was falling off his chair he was laughing so hard. A program?
Which was automatically doing this? No. It wasn't an automated
program, it was the Australians! It was the Realm hackers! God, this
was funny.
`Wait--there's more! It says, "Another rogue program shows a
widespread vulnerability". I laughed my ass off,' Erik said,
struggling to get the words out.
`A rogue program! Who wrote the article?'
`A John Markoff,' Erik answered, wiping his eyes. `I called him up.'
`You did? What did you say?' Phoenix tried to gather himself together.
`"John," I said, "You know that article you wrote on page 12 of the
Times? It's wrong! There's no rogue program attacking the Internet."
He goes, "What is it then?" "It's not a virus or a worm," I said.
"It's PEOPLE."'
Erik started laughing uncontrollably again.
`Then Markoff sounds really stunned, and he goes, "People?" And I
said, "Yeah, people." Then he said, "How do you know?" And I said,
"Because, John, I KNOW."'
Phoenix erupted in laughter again. The Times reporter obviously had
worms on his mind, since the author of the famous Internet worm,
Robert T. Morris Jr, had just been tried and convicted in the US. He
was due to be sentenced in May.
US investigators had tracked the hacker's connections, looping through
site after site in a burrowing manner which they assumed belonged to a
worm. The idea of penetrating so many sites all in such a short time
clearly baffled the investigators, who concluded it must be a program
rather than human beings launching the attacks.
`Yeah,' Erik continued, `And then Markoff said, "Can you get me to
talk to them?" And I said I'd see what I could do.'
`Yeah,' Phoenix said. `Go tell him, yes. Yeah, I gotta talk to this
idiot. I'll set him straight.'
Page one, the New York Times, 21 March 1990: `Caller Says he Broke
Computers' Barriers to Taunt the Experts', by John Markoff.
True, the article was below the crease--on the bottom half of the
page--but at least it was in column 1, the place a reader turns to
first.
Phoenix was chuffed. He'd made the front page of the New York Times.
`The man identified himself only as an Australian named Dave,' the
article said. Phoenix chuckled softly. Dave Lissek was the pseudonym
he'd used. Of course, he wasn't the only one using the name Dave. When
Erik first met the Australians on Altos, he marvelled at how they all
called themselves Dave. I'm Dave, he's Dave, we're all Dave, they told
him. It was just easier that way, they said.
The article revealed that `Dave' had attacked Spaf's and Stoll's
machines, and that the Smithsonian Astronomical Observatory at Harvard
University--where Stoll now worked--had pulled its computers off the
Internet as a result of the break in. Markoff had even included the
`egg on his face' story Phoenix had described to him.
Phoenix laughed at how well he had thumbed his nose at Cliffy Stoll.
This article would show him up all right. It felt so good, seeing
himself in print that way. He did that. That was him there in black in
white, for all the world to see. He had outsmarted the world's best
known hacker-catcher, and he had smeared the insult across the front
page of the most prestigious newspaper in America.
And Markoff reported that he had been in Spaf's system too! Phoenix
glowed happily. Better still, Markoff had quoted `Dave' on the
subject: `The caller said ... "It used to be the security guys chasing
the hackers. Now it's the hackers chasing the security people."'
The article went on: `Among the institutions believed to have been
penetrated by the intruder are the Los Alamos National Laboratories,
Harvard, Digital Equipment Corporation, Boston University and the
University of Texas.' Yes, that list sounded about right. Well, for
the Australians as a group anyway. Even if Phoenix hadn't masterminded
or even penetrated some of those himself, he was happy to take the
credit in the Times.
This was a red-letter day for Phoenix.
Electron, however, was furious. How could Phoenix be so stupid? He
knew that Phoenix had an ego, that he talked too much, and that his
tendency to brag had grown worse over time, fed by the skyrocketing
success of the Australian hackers. Electron knew all of that, but he
still couldn't quite believe that Phoenix had gone so far as to strut
and preen like a show pony for the New York Times.
To think that he had associated with Phoenix. Electron was disgusted.
He had never trusted Phoenix--a caution now proved wise. But he had
spent hours with him on the phone, with most of the information
flowing in one direction. But not only did Phoenix show no discretion
at all in dealing with the paper, he bragged about doing things that
Electron had done! If Phoenix had to talk--and clearly he should have
kept his mouth shut--he should have at least been honest about the
systems for which he could claim credit.
Electron had tried with Phoenix. Electron had suggested that he stop
talking to the security guys. He had continually urged caution and
discretion. He had even subtly withdrawn each time Phoenix suggested
one of his hair-brained schemes to show off to a security bigwig.
Electron had done this in the hope that Phoenix might get the hint.
Maybe, if Phoenix couldn't hear someone shouting advice at him, he
might at least listen to someone whispering it. But no. Phoenix was
far too thick for that.
The Internet--indeed, all hacking--was out of bounds for weeks, if not
months. There was no chance the Australian authorities would let a
front-page story in the Times go by un-heeded. The Americans would be
all over them. In one selfish act of hubris, Phoenix had ruined the
party for everyone else.
Electron unplugged his modem and took it to his father. During exams,
he had often asked his father to hide it. He didn't have the
self-discipline needed to stay away on his own and there was no other
way Electron could keep himself from jacking in--plugging his modem
into the wall. His father had become an expert at hiding the device,
but Electron usually still managed to find it after a few days,
tearing the house apart until he emerged, triumphant, with the modem
held high above his head. Even when his father began hiding the modem
outside the family home it would only postpone the inevitable.
This time, however, Electron vowed he would stop hacking until the
fallout had cleared--he had to. So he handed the modem to his father,
with strict instructions, and then tried to distract himself by
cleaning up his hard drive and disks. His hacking files had to go too.
So much damning evidence of his activities. He deleted some files and
took others on disks to store at a friend's house. Deleting files
caused Electron considerable pain, but there was no other way. Phoenix
had backed him into a corner.
Brimming with excitement, Phoenix rang Electron on a sunny March
afternoon.
`Guess what?' Phoenix was jumping around like an eager puppy at the
other end of the line. `We made the nightly news right across the US!'
`Uhuh,' Electron responded, unimpressed.
`This is not a joke!' We were on cable news all day too. I called Erik
and he told me.'
`Mmm,' Electron said.
`You know, we did a lot of things right. Like Harvard. We got into
every system at Harvard. It was a good move. Harvard gave us the fame
we needed.'
Electron couldn't believe what he was hearing. He didn't need any
fame--and he certainly didn't need to be busted. The
conversation--like Phoenix himself--was really beginning to annoy him.
`Hey, and they know your name,' Phoenix said coyly.
That got a reaction. Electron gulped his anger.
`Haha! Just joshing!' Phoenix practically shouted. `Don't worry! They
didn't really mention anyone's name.'
`Good,' Electron answered curtly. His irritation stewed
quietly.
`So, do you reckon we'll make the cover of Time or Newsweek?'
Good grief! Didn't Phoenix ever give up? As if it wasn't enough to
appear on the 6 o'clock national news in a country crawling with
over-zealous law enforcement agencies. Or to make the New York Times.
He had to have the weeklies too.
Phoenix was revelling in his own publicity. He felt like he was on top
of the world, and he wanted to shout about it. Electron had felt the
same wave of excitement from hacking many high-profile targets and
matching wits with the best, but he was happy to stand on the peak by
himself, or with people like Pad and Gandalf, and enjoy the view
quietly. He was happy to know he had been the best on the frontier of
a computer underground which was fresh, experimental and, most of all,
international. He didn't need to call up newspaper reporters or gloat
about it in Clifford Stoll's face.
`Well, what do you reckon?' Phoenix asked impatiently.
`No,' Electron answered.
`No? You don't think we will?' Phoenix sounded disappointed.
`No.'
`Well, I'll demand it!' Phoenix said laughing, `Fuck it, we want the
cover of Newsweek, nothing less.' Then, more seriously, `I'm trying to
work out what really big target would clinch it for us.'
`Yeah, OK, whatever,' Electron replied, distancing himself again.
But Electron was thinking, Phoenix, you are a fool. Didn't he see the
warning signs? Pad's warning, all the busts in the US, reports that
the Americans were hunting down the Brits. As a result of these news
reports of which Phoenix was so proud, bosses across the world would
be calling their computer managers into their offices and breathing
down their necks about their own computer security.
The brazen hackers had deeply offended the computer security industry,
spurring it into action. In the process, some in the industry had also
seen an opportunity to raise its own public profile. The security
experts had talked to the law enforcement agencies, who were now
clearly sharing information across national borders and closing in
fast. The conspirators in
the global electronic village were at the point of maximum
overreach.
`We could hack Spaf again,' Phoenix volunteered.
`The general public couldn't give a fuck about Eugene Spafford,'
Electron said, trying to dampen Phoenix's bizarre enthusiasm. He was
all for thumbing one's nose at authority, but this was not the way to
do it.
`It'd be so funny in court, though. The lawyer would call Spaf and
say, "So, Mr Spafford, is it true that you are a world-renowned
computer security expert?" When he said, "Yes" I'd jump up and go, "I
object, your honour, this guy doesn't know jackshit, 'cause I hacked
his machine and it was a breeze!"'
`Mmm.'
`Hey, if we don't get busted in the next two weeks, it will be a
miracle,' Phoenix continued happily.
`I hope not.'
`This is a lot of fun!' Phoenix shouted sarcastically. `We're gonna
get busted! We're gonna get busted!'
Electron's jaw fell to the ground. Phoenix was mad. Only a lunatic
would behave this way. Mumbling something about how tired he was,
Electron said goodbye and hung up.
At 5.50 a.m. on 2 April 1990, Electron dragged himself out of bed and
made his way to the bathroom. Part way through his visit, the light
suddenly went out.
How strange. Electron opened his eyes wide in the early morning
dimness. He returned to his bedroom and began putting on some jeans
before going to investigate the problem.
Suddenly, two men in street clothes yanked his window open and jumped
through into the room shouting, `GET DOWN ON THE FLOOR!'
Who were these people? Half-naked, Electron stood in the middle of his
room, stunned and immobile. He had suspected the police might pay him
a visit, but didn't they normally wear uniforms? Didn't they announce
themselves?
The two men grabbed Electron, threw him face down onto the floor and
pulled his arms behind his back. They jammed handcuffs on his
wrists--hard--cutting his skin. Then someone kicked him in the
stomach.
`Are there any firearms in the house?' one of the men asked.
Electron couldn't answer because he couldn't breathe. The kick had
winded him. He felt someone pull him up from the floor and prop him in
a chair. Lights went on everywhere and he could see six or seven
people moving around in the hallway. They must have come into the
house another way. The ones in the hallway were all wearing bibs with
three large letters emblazoned across the front: AFP.
As Electron slowly gathered his wits, he realised why the cops had
asked about firearms. He had once joked to Phoenix on the phone about
how he was practising with his dad's .22 for when the feds came
around. Obviously the feds had been tapping his phone.
While his father talked with one of the officers in the other room and
read the warrant, Electron saw the police pack up his computer
gear--worth some $3000--and carry it out of the house. The only thing
they didn't discover was the modem. His father had become so expert at
hiding it that not even the Australian Federal Police could find it.
Several other officers began searching Electron's bedroom, which was
no small feat, given the state it was in. The floor was covered in a
thick layer of junk. Half crumpled music band posters, lots of
scribbled notes with passwords and NUAs, pens, T-shirts both clean and
dirty, jeans, sneakers, accounting books, cassettes, magazines, the
occasional dirty cup. By the time the police had sifted through it all
the room was tidier than when they started.
As they moved into another room at the end of the raid, Electron bent
down to pick up one of his posters which had fallen onto the floor. It
was a Police Drug Identification Chart--a gift from a friend's
father--and there, smack dab in the middle, was a genuine AFP
footprint. Now it was a collector's item. Electron smiled to himself
and carefully tucked the poster away.
When he went out to the living room, he saw a policemen holding a
couple of shovels and he wanted to laugh again. Electron had also once
told Phoenix that all his sensitive hacking disks were buried in the
backyard. Now the police were going to dig it up in search of
something which had been destroyed a few days before. It was too
funny.
The police found little evidence of Electron's hacking at his house,
but that didn't really matter. They already had almost everything they
needed.
Later that morning, the police put the 20-year-old Electron into an
unmarked car and drove him to the AFP's imposing-looking headquarters
at 383 Latrobe Street for questioning.
In the afternoon, when Electron had a break from the endless
questions, he walked out to the hallway. The boyish-faced Phoenix,
aged eighteen, and fellow Realm member Nom, 21, were walking with
police at the other end of the hall. They were too far apart to talk,
but Electron smiled. Nom looked worried. Phoenix looked annoyed.
Electron was too intimidated to insist on having a lawyer. What was
the point in asking for one anyway? It was clear the police had
information they could only have obtained from
tapping his phone. They also showed him logs taken from Melbourne
University, which had been traced back to his phone. Electron figured
the game was up, so he might as well tell them the whole story--or at
least as much of it as he had told Phoenix on the phone.
Two officers conducted the interview. The lead interviewer was
Detective Constable Glenn Proebstl, which seemed to be pronounced
`probe stool'--an unfortunate name, Electron thought. Proebstl was
accompanied by Constable Natasha Elliott, who occasionally added a few
questions at the end of various interview topics but otherwise kept to
herself. Although he had decided to answer their questions truthfully,
Electron thought that neither of them knew much about computers and
found himself struggling to understand what they were trying to ask.
Electron had to begin with the basics. He explained what the FINGER
command was--how you could type `finger' followed by a username, and
then the computer would provide basic information about the user's
name and other details.
`So, what is the methodology behind it ... finger ... then, it's
normally ... what is the normal command after that to try and get the
password out?' Constable Elliott finally completed her convoluted
attempt at a question.
The only problem was that Electron had no idea what she was talking
about.
`Well, um, I mean there is none. I mean you don't use finger like that
...'
`Right. OK,' Constable Elliott got down to business. `Well, have you
ever used that system before?'
`Uhm, which system?' Electron had been explaining commands for so long
he had forgotten if they were still talking about how he hacked the
Lawrence Livermore computer or some other site.
`The finger ... The finger system?'
Huh? Electron wasn't quite sure how to answer that question. There was
no such thing. Finger was a command, not a computer.
`Uh, yes,' he said.
The interview went the same way, jolting awkwardly through computer
technology which he understood far better than either officer.
Finally, at the end of a long day, Detective Constable Proebstl asked
Electron:
`In your own words, tell me what fascination you find with accessing
computers overseas?'
`Well, basically, it's not for any kind of personal gain or anything,'
Electron said slowly. It was a surprisingly difficult question to
answer. Not because he didn't know the answer, but because it was a
difficult answer to describe to someone who had never hacked a
computer. `It's just the kick of getting in to a system. I mean, once
you are in, you very often get bored and even though you can still
access the system, you may never call back.
`Because once you've gotten in, it's a challenge over and you don't
really care much about it,' Electron continued, struggling. `It's a
hot challenge thing, trying to do things that other people are also
trying to do but can't.
`So, I mean, I guess it is a sort of ego thing. It's knowing that you
can do stuff that other people cannot, and well, it is the
challenge and the ego boost you get from doing something well ...
where other people try and fail.'
A few more questions and the day-long interview finally
finished. The police then took Electron to the Fitzroy police
station. He guessed it was the nearest location with a JP they could
find willing to process a bail application at that hour.
In front of the ugly brick building, Electron noticed a small group of
people gathered on the footpath in the dusky light. As the police car
pulled up, the group swung into a frenzy of activity, fidgeting in
over-the-shoulder briefcases, pulling out notebooks and pens, scooping
up big microphones with fuzzy shag covers, turning on TV camera
lights.
Oh NO! Electron wasn't prepared for this at all.
Flanked by police, Electron stepped out of the police car and blinked
in the glare of photographers' camera flashes and TV camera
searchlights. The hacker tried to ignore them, walking as briskly as
his captors would allow. Sound recordists and reporters tagged beside
him, keeping pace, while the TV cameramen and photographers weaved in
front of him. Finally he escaped into the safety of the watchhouse.
First there was paperwork, followed by the visit to the JP. While
shuffling through his papers, the JP gave Electron a big speech about
how defendants often claimed to have been beaten by the police.
Sitting in the dingy meeting room, Electron felt somewhat confused by
the purpose of this tangential commentary. However, the JP's next
question cleared things up: `Have you had any problems with your
treatment by the police which you would like to record at this time?'
Electron thought about the brutal kick he had suffered while lying on
his bedroom floor, then he looked up and found Detective Constable
Proebstl staring him in the eye. A slight smile passed across the
detective's face.
`No,' Electron answered.
The JP proceeded to launch into another speech which Electron found
even stranger. There was another defendant in the lock-up at the
moment, a dangerous criminal who had a disease the JP knew about, and
the JP could decide to lock Electron up with that criminal instead of
granting him bail.
Was this meant to be helpful warning, or just the gratification of
some kind of sadistic tendency? Electron was baffled but he didn't
have to consider the situation for long. The JP granted bail.
Electron's father came to the watchhouse, collected his son and signed
the papers for a $1000 surety--to be paid if Electron skipped town.
That night Electron watched as his name appeared on the late night
news.
At home over the next few weeks, Electron struggled to come to terms
with the fact that he would have to give up hacking forever. He still
had his modem, but no computer. Even if he had a machine, he realised
it was far too dangerous to even contemplate hacking again.
So he took up drugs instead.
Electron's father waited until the very last days of his illness, in
March 1991, before he went into hospital. He knew that once he went
in, he would not be coming out again.
There was so much to do before that trip, so many things to organise.
The house, the life insurance paperwork, the will, the funeral, the
instructions for the family friend who promised to watch over both
children when he was gone. And, of course, the children themselves.
He looked at his two children and worried. Despite their ages of 21
and 19, they were in many ways still very sheltered. He realised that
Electron's anti-establishment attitude and his sister's emotional
remoteness would remain unresolved difficulties at the time of his
death. As the cancer progressed, Electron's father tried to tell both
children how much he cared for them. He might have been somewhat
emotionally remote himself in the past, but with so little time left,
he wanted to set the record straight.
On the issue of Electron's problems with the police, however,
Electron's father maintained a hands-off approach. Electron had only
talked to his father about his hacking exploits occasionally, usually
when he had achieved what he considered to be a very noteworthy hack.
His father's view was always the same. Hacking is illegal, he told his
son, and the police will probably eventually catch you. Then you will
have to deal with the problem yourself. He didn't lecture his son, or
forbid Electron from hacking. On this issue he considered his son old
enough to make his own choices and live with the consequences.
True to his word, Electron's father had shown little sympathy for his
son's legal predicament after the police raid. He remained neutral on
the subject, saying only, `I told you something like this would happen
and now it is your responsibility'.
Electron's hacking case progressed slowly over the year, as did his
university accounting studies. In March 1991, he faced committal
proceedings and had to decide whether to fight his committal.
He faced fifteen charges, most of which were for obtaining
unauthorised access to computers in the US and Australia. A few were
aggravated offences, for obtaining access to data of a commercial
nature. On one count each, the DPP (the Office of the Commonwealth
Director of Public Prosecutions) said he altered and erased data.
Those two counts were the result of his inserting backdoors for
himself, not because he did damage to any files. The evidence was
reasonably strong: telephone intercepts and datataps on Phoenix's
phone which showed him talking to Electron about hacking; logs of
Electron's own sessions in Melbourne University's systems which were
traced back to his home phone; and Electron's own confession to the
police.
This was the first major computer hacking case in Australia under the
new legislation. It was a test case--the test case for computer
hacking in Australia--and the DPP was going in hard. The case had
generated seventeen volumes of evidence, totalling some 25000 pages,
and Crown prosecutor Lisa West planned to call up to twenty expert
witnesses from Australia, Europe and the US.
Those witnesses had some tales to tell about the Australian hackers,
who had caused havoc in systems around the world. Phoenix had
accidentally deleted a Texas-based company's inventory of assets--the
only copy in existence according to Execucom Systems Corporation. The
hackers had also baffled security personnel at the US Naval Research
Labs. They had bragged to the New York Times. And they forced NASA to
cut off its computer network for 24 hours.
AFP Detective Sergeant Ken Day had flown halfway around the world to
obtain a witness statement from none other than NASA Langley computer
manager Sharon Beskenis--the admin Phoenix had accidentally kicked off
her own system when he was trying to get Deszip. Beskenis had been
more than happy to oblige and on 24 July 1990 she signed a statement
in Virginia, witnessed by Day. Her statement said that, as a result of
the hackers' intrusion, `the entire NASA computer system was
disconnected from any external communications with the rest of the
world' for about 24 hours on 22 February 1990.
In short, Electron thought, there didn't seem to be much chance of
winning at the committal hearing. Nom seemed to feel the same way. He
faced two counts, both `knowingly concerned' with Phoenix obtaining
unauthorised access. One was for NASA Langley, the other for
CSIRO--the Zardoz file. Nom didn't fight his committal either,
although Legal Aid's refusal
to fund a lawyer for the procedure no doubt weighed in his
decision.
On 6 March 1991, Magistrate Robert Langton committed Electron and Nom
to stand trial in the Victorian County Court.
Phoenix, however, didn't agree with his fellow hackers' point of view.
With financial help from his family, he had decided to fight his
committal. He wasn't going to hand this case to the prosecution on a
silver platter, and they would have to fight him every step of the
way, dragging him forward from proceeding to proceeding. His
barrister, Felicity Hampel, argued the court should throw out 47 of
the 48 charges against her client on jurisdictional grounds. All but
one charge--breaking into the CSIRO machine in order to steal
Zardoz--related to hacking activities outside Australia. How could an
Australian court claim jurisdiction over a hacked computer in Texas?
Privately, Phoenix worried more about being extradited to the US than
dealing with the Australian courts, but publicly he was going into the
committal with all guns blazing. It was a test case in many ways; not
only the first major hacking case in Australia but also the first time
a hacker had fought Australian committal proceedings for computer
crimes.
The prosecution agreed to drop one of the 48 counts, noting it was a
duplicate charge, but the backdown was a pyrrhic victory for Phoenix.
After a two-day committal hearing, Magistrate John Wilkinson decided
Hampel's jurisdictional argument didn't hold water and on 14 August
1991 he committed Phoenix to stand trial in the County Court.
By the day of Electron's committal, in March, Electron's father had
begun his final decline. The bowel cancer created a roller-coaster of
good and bad days, but soon there were only bad days, and they were
getting worse. On the last day of March, the doctors told him that it
was finally time to make the trip to hospital. He stubbornly refused
to go, fighting their advice, questioning their authority. They
quietly urged him again. He protested. Finally, they insisted.
Electron and his sister stayed with their father for hours that day,
and the following one. Their father had other visitors to keep his
spirits up, including his brother who fervently beseeched him to
accept Jesus Christ as his personal saviour before he died. That way,
he wouldn't burn in hell. Electron looked at his uncle, disbelieving.
He couldn't believe his father was having to put up with such crap on
his deathbed. Still, Electron chose to be discreet. Apart from an
occasional rolling of the eyes, he kept his peace at his father's
bedside.
Perhaps, however, the fervent words did some good, for as Electron's
father spoke about the funeral arrangements, he made a strange slip of
the tongue. He said `wedding' instead of funeral, then paused,
realising his mistake. Glancing slowly down at the intricate braided
silver wedding band still on his finger, he smiled frailly and said,
`I suppose, in a way, it will be like a wedding'.
Electron and his sister went to hospital every day for four days, to
sit by their father's bed.
At 6 a.m. on the fifth day, the telephone rang. It was the family
friend their father had asked to watch over them. Their father's life
signs were very, very weak, fluttering on the edge of death.
When Electron and his sister arrived at the hospital, the nurse's face
said everything. They were too late. Their father had died ten minutes
before they arrived. Electron broke down and wept. He hugged his
sister, who, for a brief moment, seemed almost reachable. Driving them
back to the house, the family friend stopped and bought them an
answering machine.
`You'll need this when everyone starts calling in,' she told them.
`You might not want to talk to anyone for a while.'
In the months after his bust in 1990 Electron began smoking marijuana
regularly. At first, as with many other university students, it was a
social thing. Some friends dropped by, they happened to have a few
joints, and so everybody went out for a night on the town. When he was
in serious hacking mode, he never smoked. A clear head was much too
important. Besides, the high he got from hacking was a hundred times
better than anything dope could ever do for him.
When Phoenix appeared on the front page of the New York Times,
Electron gave up hacking. And even if he had been tempted to return to
it, he didn't have anything to hack with after the police took his
only computer. Electron found himself casting around for something to
distract him from his father's deteriorating condition and the void
left by giving up hacking. His accounting studies didn't quite fit the
bill. They had always seemed empty, but never more so than now.
Smoking pot filled the void. So did tripping. Filled it very nicely.
Besides, he told himself, it's harder to get caught smoking dope in
your friends' houses than hacking in your own. The habit grew
gradually. Soon, he was smoking dope at home. New friends began coming
around, and they seemed to have drugs with them all the time--not just
occasionally, and not just for fun.
Electron and his sister had been left the family home and enough money
to give them a modest income. Electron began spending this money on
his new-found hobby. A couple of Electron's new friends moved into the
house for a few months. His sister didn't like them dealing drugs out
of the place, but Electron didn't care what was happening around him.
He just sat in his room, listening to his stereo, smoking dope,
dropping acid and watching the walls.
The headphones blocked out everyone in the house, and, more
importantly, what was going on inside Electron's own head. Billy
Bragg. Faith No More. Cosmic Psychos. Celibate Rifles. Jane's
Addiction. The Sex Pistols. The Ramones. Music gave Electron a
pinpoint, a figurative dot of light on his forehead where he could
focus his mind. Blot out the increasingly strange thoughts creeping
through his consciousness.
His father was alive. He was sure of it. He knew it, like he knew the
sun would rise tomorrow. Yet he had seen his father lying, dead, in
the hospital bed. It didn't make sense.
So he took another hit from the bong, floated in slow motion to his
bed, lay down, carefully slid the earphones over his head, closed his
eyes and tried to concentrate on what the Red Hot Chilli Peppers were
saying instead. When that wasn't enough, he ventured down the hallway,
down to his new friends--the friends with the acid tabs. Then, eight
more hours without having to worry about the strange thoughts.
Soon people began acting strangely too. They would tell Electron
things, but he had trouble understanding them. Pulling a milk carton
from the fridge and sniffing it, Electron's sister might say, `Milk's
gone off'. But Electron wasn't sure what she meant. He would look at
her warily. Maybe she was trying to tell him something else, about
spiders. Milking spiders for venom.
When thoughts like these wafted through Electron's mind, they
disturbed him, lingering like a sour smell. So he floated back to the
safety of his room and listened to songs by Henry Rollins.
After several months in this cloudy state of limbo, Electron awoke one
day to find the Crisis Assessment Team--a mobile psychiatric team--in
his bedroom. They asked him questions, then they tried to feed him
little blue tablets. Electron didn't want to take the tablets. Were
little blue pills placebos? He was sure they were. Or maybe they were
something more sinister.
Finally, the CAT workers convinced Electron to take the Stelazine
tablet. But when they left, terrifying things began to happen.
Electron's eyes rolled uncontrollably to the back of his head. His
head twisted to the left. His mouth dropped open, very wide. Try as he
might, he couldn't shut it, any more than he could turn his head
straight. Electron saw himself in the mirror and he panicked. He
looked like a character out of a horror
picture.
His new house-mates reacted to this strange new behaviour by trying to
psychoanalyse Electron, which was less than helpful. They discussed
him as if he wasn't even present. He felt like a ghost and, agitated
and confused, he began telling his friends that he was going to kill
himself. Someone called the CAT team again. This time they refused to
leave unless he would guarantee not to attempt suicide.
Electron refused. So they had him committed.
Inside the locked psychiatric ward of Plenty Hospital (now known as
NEMPS), Electron believed that, although he had gone crazy, he wasn't
really in a hospital psychiatric ward. The place was just supposed to
look like one. His father had set it
all up.
Electron refused to believe anything that anyone told him. It was all
lies. They said one thing, but always meant another.
He had proof. Electron read a list of patients' names on the wall and
found one called Tanas. That name had a special meaning. It was an
anagram for the word `Santa'. But Santa Claus was a myth, so the name
Tanas appearing on the hospital list proved to him that he shouldn't
listen to anything anyone told him.
Electron ate his meals mostly in silence, trying to ignore the
voluntary and involuntary patients who shared the dining hall. One
lunchtime, a stranger sat down at Electron's table and started talking
to him. Electron found it excruciatingly painful talking to other
people, and he kept wishing the stranger would go away.
The stranger talked about how good the drugs were in
hospital.
`Mm,' Electron said. `I used to do a lot of drugs.'
`How much is a lot?'
`I spent $28000 on dope alone in about four months.'
`Wow,' the stranger said, impressed. `Of course, you don't have to pay
for drugs. You can always get them for free. I do.'
`You do?' Electron asked, somewhat perplexed.
`Sure! All the time,' the stranger said grandly. `No problem. Just
watch.'
The stranger calmly put his fork down on the tray, carefully stood up
and then began yelling at the top of his lungs. He waved his arms
around frantically and shouted abuse at the other patients.
Two nurses came running from the observation room. One of them tried
to calm the stranger down while the other quickly measured out various
pills and grabbed a cup of water. The stranger swallowed the pills,
chased them with a swig of water and sat down quietly. The nurses
retreated, glancing back over their shoulders.
`See?' The stranger said. `Well, I'd better be on my way, before the
pills kick in. See ya.'
Electron watched, amazed, as the stranger picked up his bag, walked
through the dining-hall door, and straight out the front door of the
psychiatric ward.
After a month, the psychiatrists reluctantly allowed Electron to leave
the hospital in order to stay with his maternal grandmother in
Queensland. He was required to see a psychiatrist regularly. He spent
his first few days in Queensland believing he was Jesus Christ. But he
didn't hold onto that one for long. After two weeks of patiently
waiting and checking for signs of the imminent apocalypse, consistent
with the second coming, he decided he was really the reincarnation of
Buddha.
In late February 1992, after three months of psychiatric care up
north, Electron returned to Melbourne and his university studies, with
a bag full of medication. Prozac, major tranquillisers, Lithium. The
daily routine went smoothly for a while. Six Prozac--two in the
morning, two at midday and two at night. Another anti-depressant to be
taken at night. Also at night, the anti-side effect tablets to combat
the involuntary eye-rolling, jaw-dropping and neck-twisting associated
with the anti-depressants.
All of it was designed to help him deal with what had by
now become a long list of diagnoses. Cannabis psychosis.
Schizophrenia. Manic depression. Unipolar effective disorder.
Schizophrenaform. Amphetamine psychosis. Major effective disorder.
Atypical psychosis. And his own personal favourite--facticious
disorder, or faking it to get into hospital. But the medication wasn't
helping much. Electron still felt wretched, and returning to a host of
problems in Melbourne made things worse.
Because of his illness, Electron had been largely out of the loop of
legal proceedings. Sunny Queensland provided a welcome escape. Now he
was back in Victoria facing a tedious university course in accounting,
an ongoing battle with mental illness, federal charges which could see
him locked up for ten years, and publicity surrounding the first major
hacking case in Australia. It was going to be a hard winter.
To make matters worse, Electron's medication interfered with his
ability to study properly. The anti-side effect pills relaxed the
muscles in his eyes, preventing them from focusing. The writing on the
blackboard at the front of the lecture hall was nothing but a hazy
blur. Taking notes was also a problem. The medication made his hands
tremble, so he couldn't write properly. By the end of a lecture,
Electron's notes were as unreadable as the blackboard. Frustrated,
Electron stopped taking his medicine, started smoking dope again and
soon felt a little better. When the dope wasn't enough, he turned to
magic mushrooms and hallucinogenic cactus.
The hacking case was dragging on and on. On 6 December 1991, just
after he left psych hospital but before he flew to Queensland, the
office of the DPP had formally filed an indictment containing fifteen
charges against Electron, and three against Nom, in the Victorian
County Court.
Electron didn't talk to Phoenix much any more, but the DPP lawyers
hadn't forgotten about him--far from it. They had much bigger plans
for Phoenix, perhaps because he was fighting every step of the way.
Phoenix was uncooperative with police in the interview on the day of
the raid, frequently refusing to answer their questions. When they
asked to fingerprint him, he refused and argued with them about it.
This behaviour did not endear him to either the police or the DPP.
On 5 May 1992, the DPP filed a final indictment with 40 charges
against Phoenix in the County Court. The charges, in conjunction with
those against Electron and Nom, formed part of a joint indictment
totalling 58 counts.
Electron worried about being sent to prison. Around the world, hackers
were under siege--Par, Pengo, LOD and Erik Bloodaxe, MOD, The Realm
hackers, Pad and Gandalf and, most recently, the International
Subversives. Somebody seemed to be trying to make a point.
Furthermore, Electron's charges had changed considerably--for the
worse--from the original ones documented in April 1990.
The DPP's final indictment bore little resemblance to the original
charge sheet handed to the young hacker when he left the police
station the day he was raided. The final indictment read like a
veritable Who's Who of prestigious institutions around the world.
Lawrence Livermore Labs, California. Two different computers at the US
Naval Research Laboratories, Washington DC. Rutgers University, New
Jersey. Tampere University of Technology, Finland. The University of
Illinios. Three different computers at the University of Melbourne.
Helsinki University of Technology, Finland. The University of New
York. NASA Langley Research Center, Hampton, Virginia. CSIRO, Carlton,
Victoria.
The charges which worried Electron most related to the
US Naval Research Labs, CSIRO, Lawrence Livermore Labs
and NASA. The last three weren't full hacking charges. The
DPP alleged Electron had been `knowingly concerned' with Phoenix's
access of these sites.
Electron looked at the thirteen-page joint indictment and didn't know
whether to laugh or cry. He had been a lot more than `knowingly
concerned' with accessing those sites. In many cases, he had given
Phoenix access to those computers in the first place. But Electron
tried to tread quietly, carefully, through most systems, while Phoenix
had noisily stomped around with all the grace of a buffalo--and left
just as many footprints. Electron hardly wanted to face full charges
for those or any other sites. He had broken into thousands of sites on
the X.25 network, but he hadn't been charged with any of them. He
couldn't help feeling a little like the gangster Al Capone being done
for tax evasion.
The proceedings were attracting considerable media attention. Electron
suspected the AFP or the DPP were alerting the media to upcoming court
appearances, perhaps in part to prove to the Americans that `something
was being done'.
This case had American pressure written all over it. Electron's
barrister, Boris Kayser, said he suspected that `the
Americans'--American institutions, companies or government
agencies--were indirectly funding some of the prosecution's case by
offering to pay for US witnesses to attend the trial. The Americans
wanted to see the Australian hackers go down, and they were throwing
all their best resources at the case to make sure it happened.
There was one other thing--in some ways the most disturbing matter of
all. In the course of the legal to-ing and fro-ing, Electron was told
that it was the US Secret Service back in 1988 which had triggered the
AFP investigation into The Realm hackers--an investigation which had
led to Electron's bust and current legal problems. The Secret Service
was after the hackers who broke into Citibank.
As it happened, Electron had never touched Citibank. Credit cards
couldn't interest him less. He found banks boring and, the way he
looked at it, their computers were full of mundane numbers belonging
to the world of accounting. He had already suffered through enough of
those tedious types of numbers in his university course. Unless he
wanted to steal from banks--something he would not do--there was no
point in breaking into their computers.
But the US Secret Service was very interested in banks--and in
Phoenix. For they didn't just believe that Phoenix had been inside
Citibank's computers. They believed he had masterminded the Citibank
attack.
And why did the US Secret Service think that? Because, Electron was
told, Phoenix had gone around bragging about it in the underground. He
hadn't just told people he had hacked into Citibank computers, he
reportedly boasted that he had stolen some $50000 from the bank.
Going through his legal brief, Electron had discovered something which
seemed to confirm what he was being told. The warrant for the
telephone tap on both of Phoenix's home phones mentioned a potential
`serious loss to Citibank' as a justification for the warrant.
Strangely, the typed words had been crossed out in the handwritten
scrawl of the judge who approved the warrant. But they were still
legible. No wonder the US Secret Service began chasing the case,
Electron thought. Banks get upset when they think people have found a
way to rip them off anonymously.
Electron knew that Phoenix hadn't stolen any money from Citibank.
Rather, he had been circulating fantastic stories about himself to
puff up his image in the underground, and in the process had managed
to get them all busted.
In September 1992, Phoenix rang Electron suggesting they get together
to discuss the case. Electron wondered why. Maybe he suspected
something, sensing that the links binding them were weak, and becoming
weaker by the month. That Electron's mental illness had changed his
perception of the world. That his increasingly remote attitude to
Phoenix suggested an underlying anger about the continual bragging.
Whatever the reason, Phoenix's gnawing worry must have been confirmed
when Electron put off meeting with him.
Electron didn't want to meet with Phoenix because he didn't like him,
and because he thought Phoenix was largely responsible for getting the
Australian hackers into their current predicament.
With these thoughts fermenting in his mind, Electron listened with
interest a few months later when his solicitor, John McLoughlin,
proposed an idea. In legal circles, it was nothing new. But it was new
to Electron. He resolved to take up McLoughlin's advice.
Electron decided to testify as a Crown witness against Phoenix.
Chapter 7 -- Judgement Day.
Your dream world is just about to end.
-- from `Dreamworld', Diesel and Dust.
In another corner of the globe, the British hackers Pad and Gandalf
learned with horror that the Australian authorities had busted the
three Realm hackers. Electron had simply disappeared one day. A short
time later, Phoenix was gone too. Then the reports started rolling in
from newspapers and from other Australian hackers on a German board
similar to Altos, called Lutzifer.
Something else worried Pad. In one of his hacking forays, he had
discovered a file, apparently written by Eugene Spafford, which said
he was concerned that some British hackers--read Pad and
Gandalf--would create a new worm, based on the RTM worm, and release
it into the Internet. The unnamed British hackers would then be able
to cause maximum havoc on thousands of Internet sites.
It was true that Gandalf and Pad had captured copies of various worm
source codes. They fished around inside SPAN until they surfaced with
a copy of the Father Christmas worm. And, after finally successfully
hacking Russell Brand's machine at LLNL, they deftly lifted a complete
copy of the WANK worm. In Brand's machine, they also found a
description of how someone had broken into SPAN looking for the WANK
worm code, but hadn't found it. `That was me breaking into SPAN to
look around,' Gandalf laughed, relaying the tale to Pad.
Despite their growing library of worm code, Pad had no intention of
writing any such worm. They simply wanted the code to study what
penetration methods the worms had used and perhaps to learn something
new. The British hackers prided themselves on never having done
anything destructive to systems they hacked. In places where they knew
their activities had been discovered--such as at the Universities of
Bath, Edinburgh, Oxford and Strathclyde--they wrote notes to the
admins signed 8lgm. It wasn't only an ego thing--it was also a way of
telling the admins that they weren't going to do anything nasty to the
system.
At one university, the admins thought 8lgm was some kind
of weird variation on a Belgian word and that the hackers who visited
their systems night after night were from Belgium. At another uni, the
admins made a different guess at the meaning. In the morning, when
they came into work and saw that the hackers had been playing in their
system all night, they would sigh to each other, `Our eight little
green men are at it again'.
At the University of Lancaster, the hackers wrote a message to the
admins which said: `Don't do anything naughty. We have a good image
around the world, so please don't tarnish it or start making up
stories about us messing up systems. Don't hold your breath for us to
hack you, but keep us in mind.' Wherever they went, their message was
the same.
Nonetheless Pad visualised a scenario where Spaf whipped up the
computer security and law enforcement people into a frenzied panic and
tried to pin all sorts of things on the British hackers, none of which
they had done. The underground saw Spaf as being rabid in his attack
on hackers, based largely on his response to the RTM worm. And Gandalf
had hacked Spaf's machine.
The crackdown on the Australians, combined with the discovery of the
Spaf file, had a profound effect on Pad. Always cautious anyway, he
decided to give up hacking. It was a difficult decision, and weaning
himself from exploring systems night after night was no easy task.
However, in the face of what had happened to Electron and Phoenix,
continuing to hack didn't seem worth the risk.
When Pad gave up hacking, he bought his own NUI so he could access
places like Altos legitimately. The NUI was expensive--about
[sterling]10 an hour--but he was never on for long. Leisurely chats of
the type he once enjoyed in Altos were out of the question, but at
least he could mail letters to his friends like Theorem and Gandalf.
There would have been easier ways to maintain his friendship with
Gandalf, who lived in Liverpool, only an hour's drive away. But it
wouldn't be the same. Pad and Gandalf had never met, or even talked on
the phone. They talked on-line, and via email. That was the way they
related.
Pad also had other reasons for giving up hacking. It was an expensive
habit in Britain because British Telecom time-charged for local phone
calls. In Australia, a hacker could stay on-line for hours, jumping
from one computer to another through the data network, all for the
cost of one local call. Like the Australians, Pad could launch his
hacking sessions from a local uni or X.25 dial-up. However, an
all-night hacking session based on a single phone call might still
cost him [sterling]5 or more in timed-call charges--a considerable
amount of money for an unemployed young man. As it was, Pad had
already been forced to stop hacking for brief periods when he ran out
of his dole money.
Although Pad didn't think he could be prosecuted for hacking under
British law in early 1990, he knew that Britain was about to enact its
own computer crime legislation--the Computer Misuse Act 1990--in
August. The 22-year-old hacker decided that it was better to quit
while he was ahead.
And he did, for a while at least. Until July 1990, when Gandalf, two
years his junior, tempted him with one final hack before the new Act
came into force. Just one last fling, Gandalf told him. After that
last fling in July, Pad stopped hacking again.
The Computer Misuse Act passed into law in August 1990, following two
law commission reviews on the subject. The Scottish Law Commission
issued a 1987 report proposing to make unauthorised data access
illegal, but only if the hacker tried to `secure advantage, or cause
damage to another person'--including reckless damage.2 Simple look-see
hacking would not be a crime under the report's recommendations.
However, in 1989 The Law Commission of England and Wales issued its
own report proposing that simple unauthorised access should be a crime
regardless of intent--a recommendation which was eventually included
in the law.
Late in 1989, Conservative MP Michael Colvin introduced a private
member's bill into the British parliament. Lending her support to the
bill, outspoken hacker-critic Emma Nicholson, another Conservative MP,
fired public debate on the subject and ensured the bill passed through
parliament successfully.
In November 1990, Pad was talking on-line with Gandalf, and his friend
suggested they have one more hack, just one more, for old time's sake.
Well, thought Pad, one more--just a one-off thing--wouldn't hurt.
Before long, Pad was hacking regularly again, and when Gandalf tried
to give it up, Pad was there luring him to return to his favourite
pastime. They were like two boys at school, getting each other into
trouble--the kind of trouble which always comes in pairs. If Pad and
Gandalf hadn't known each other, they probably would both have walked
away from hacking forever in 1990.
As they both got back into the swing of things, they tried to make
light of the risk of getting caught. `Hey, you know,' Gandalf joked
on-line more than once, `the first time we actually meet each other in
person will probably be in a police station.'
Completely irreverent and always upbeat, Gandalf proved to be a true
friend. Pad had rarely met such a fellow traveller in the real world,
let alone on-line. What others--particularly some American
hackers--viewed as prickliness, Pad saw as the perfect sense of
humour. To Pad, Gandalf was the best m8 a fellow could ever have.
During the time Pad avoided hacking, Gandalf had befriended another,
younger hacker named Wandii, also from the north of England. Wandii
never played much of a part in the international computer underground,
but he did spend a lot of time hacking European computers. Wandii and
Pad got along pleasantly but they were never close. They were
acquaintances, bound by ties to Gandalf in the underground.
By the middle of June 1991, Pad, Gandalf and Wandii were peaking. At
least one of them--and often more--had already broken into systems
belonging to the European Community in Luxembourg, The Financial Times
(owners of the FTSE 100 share index), the British Ministry of Defence,
the Foreign Office, NASA, the investment bank SG Warburg in London,
the American computer database software manufacturer Oracle, and more
machines on the JANET network than they could remember. Pad had also
penetrated a classified military network containing a NATO system.
They moved through British Telecom's Packet Switched Stream Network
(PSS), which was similar to the Tymnet X.25 network, with absolute
ease.3
Gandalf's motto was, `If it moves, hack it'.
Underground / Dreyfus, Suelette