Interlopers


Update

This entry has been corrected to reflect that Pengo’s associate Markus Hess was the key hacker in the Project Equalizer episode.

A headline from a few years back:

New York Times Hacked: Website Back To Normal After Outage

08/29/2013 09:49 am ET | Updated Aug 29, 2013

The New York Times website was back up on Wednesday after what appeared to be an attack by the Syrian Electronic Army.

The website went down for most users Tuesday afternoon. The newspaper revealed shortly after the outage struck that it had been hit by “a malicious external attack.” The Syrian Electronic Army, the pro-Assad group that has targeted numerous news outlets in recent months, claimed responsibility for the attack.

Before there was ISIL, before there was the Syrian Electronic Army, before there was the World Wide Web, there was Cyberpunk.

In the historical study by Katie Hafner and John Markoff, Kevin Mitnick is a sociopathic night stalker, prowling at first America’s telephone networks and ultimately computer centers at the highest levels. Hans Heinrich Hübner, aka “Pengo,” is a disaffected youth coming of age in Cold War Berlin and turning to computer crime with visions of grandeur. Robert T. Morris is a computer genius on the elevator to greatness before being seduced into the world of computer meddling. They are all cyberpunks:

Cyberpunk is a subgenre of science fiction in a future setting that tends to focus on the society of the proverbial “high tech low life” featuring advanced technological and scientific achievements, such as information technology and cybernetics, juxtaposed with a degree of breakdown or radical change in the social order.

Cyberpunk plots often center on conflict among artificial intelligences, hackers, and among megacorporations, and tend to be set in a future Earth, rather than in the far-future settings or galactic vistas found in novels such as Isaac Asimov’s Foundation or Frank Herbert’s Dune. The settings are usually post-industrial dystopias but tend to feature extraordinary cultural ferment and the use of technology in ways never anticipated by its original inventors (“the street finds its own uses for things”). Much of the genre’s atmosphere echoes film noir, and written works in the genre often use techniques from detective fiction.

Hafner and Markoff came out with their book in 1991, shortly after computer intrusion began to hit the national news in the 1980s. Headlines such as the one above are commonplace now, showing that these three cases of computer intrusion were just the camel’s nose. Darker things were to come.

So much of what the book is about is today passé. Technology has swept over the world of computer intrusion like an ocean wave, leaving anybody reading the book today marveling at the quaintness of it all. I’m not going to dissect the book. I will just run through the three episodes, giving interested readers a taste of a world gone by.

The book is three almost independent stories:

Kevin: The Dark-Side Hacker

A dysfunctional family is not essential to the creation of a social misfit, but in Kevin Mitnick’s case it was a kindly assist:

Kevin was the kind of kid who would be picked last for a school team. His oversize plaid shirts were seldom tucked in, and his pear-shaped body was so irregular that any blue jeans would be an imperfect fit. His seventeen years hadn’t been easy. When Kevin was three, his parents separated. His mother, Shelly, got a job as a waitress at a local delicatessen and embarked on a series of new relationships. Every time Kevin started to get close to a new father, the man disappeared. Kevin’s real father was seldom in touch; he remarried and had another son, athletic and good-looking. During Kevin’s junior high school years, just as he was getting settled into a new school, the family moved. It wasn’t surprising that Kevin looked to the telephone for solace.

Susan and Kevin didn’t get along from the start. Kevin had no use for Susan, and Susan saw him as a hulking menace with none of Roscoe’s charm. What was more, he seemed to have a malicious streak that she didn’t see in Roscoe. This curiously oafish friend of Roscoe’s always seemed to be busy carrying out revenge of one sort or another, cutting off someone’s phone service or harassing people over the amateur radio. At the same time, Kevin was a master of the soothing voice who aimed at inspiring trust, then cooperation. Kevin used his silken entreaties to win over even the most skeptical keepers of passwords. And he seemed to know even more about the phone system than Roscoe. Kevin’s most striking talent was his photographic memory. Presented with a long list of computer passwords for a minute or two, an hour later Kevin could recite the list verbatim.

Hafner, Katie; Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier (p. 26). Touchstone/Simon & Schuster. Kindle Edition.

Susan was likewise a product of a shattered family life, quickly growing to a statuesque six feet and early on gaining success as a prostitute. One thing she shared with Kevin and others of the gang was strength in social engineering. A key to success for these early break-in artists was the ability to talk themselves into safely-guarded systems and to cajole others into surrendering secret passwords.

Susan liked to illustrate her belief with the following scenario: Take a computer and put it in a bank vault with ten-foot-thick walls. Power it up with an independent source, with a second independent source for backup. Install a combination lock on the door, along with an electronic beam security system. Give one person access to the vault. Then give one more person access to that system and security is cut in half. With a second person in the picture, Susan said, she could play the two against each other. She could call posing as the secretary of one person, or as a technician in for repair at the request of the other. She could conjure dozens of ruses for using one set of human foibles against another. And the more people with access the better. In the military, hundreds of people have access. At corporations, thousands do. “I don’t care how many millions of dollars you spend on hardware,” Susan would

Hafner, Katie; Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier (p. 61). Touchstone/Simon & Schuster. Kindle Edition.

Kevin early gained notoriety as a ham radio abuser. This attracted the attention of Roscoe, leading to a collaboration that came to be called the Roscoe Gang. It comprised Roscoe, Kevin Mitnick, Susan Thunder, and ultimately Lenny DiCicco. The early interest of Kevin and Roscoe was phone phreaking:

Phreaking is a slang term coined to describe the activity of a culture of people who study, experiment with, or explore, telecommunication systems, such as equipment and systems connected to public telephone networks. The term phreak is a sensational spelling of the word freak with the ph- from phone, and may also refer to the use of various audio frequencies to manipulate a phone system. Phreak, phreaker, or phone phreak are names used for and by individuals who participate in phreaking.

The term first referred to groups who had reverse engineered the system of tones used to route long-distance calls. By re-creating these tones, phreaks could switch calls from the phone handset, allowing free calls to be made around the world. To ease the creation of these tones, electronic tone generators known as blue boxes became a staple of the phreaker community, including future Apple Inc. cofounders Steve Jobs and Steve Wozniak.

What is most ironic is that Apple Computer, a company notorious for initiating lawsuits over copyright infringement, was started by two individuals engaged in this parallel, illegal, enterprise.

From stealing time from the telephone company, Kevin migrated into computer intrusion. At this he became famously adroit, a prime tool being his aforementioned social engineering skills. What eventually brought Kevin down was his vituperative mindset, the same that gained him attention in ham radio circles. He invested enormous enterprise and took great satisfaction in rendering unto those he considered had done him wrong or had otherwise disparaged him. When he screwed over Lenny, Lenny returned the kindness by dropping a dime on Kevin. I cringe at the term, now completely obsoleted by the advent of modern telephone systems. The curtain fell this way:

Kevin was taken completely by surprise. The broad grin on Lenny’s face left him confounded. The FBI agents jumped out of their cars and shouted to Kevin that he was under arrest. They demanded that Kevin put his hands up and lean against the car. Kevin laughed a tight little laugh. “You guys aren’t from the FBI. Show me your folds.” Six large FBI identification folds emerged.

Kevin looked at Lenny, who was dancing in little circles and laughing. “Len, why’d you do this to me?”

“Because you fucked me over” came Lenny’s reply.

The agents hustled Kevin into one of the cars.

“Lenny!” Kevin cried out. “Could you call my mom and tell her I’ve been arrested?”

Ignoring the plea, Lenny turned to Chris Headrick and smiled. [Headrick] nodded approvingly. “You did so well you should be in my business.”

Hafner, Katie; Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier (pp. 136-140). Touchstone/Simon & Schuster. Kindle Edition.

Pengo and Project Equalizer

It’s interesting how the word “equalizer” crept in. Hübner was born to parents who were just lucky to be in West Berlin (the non-Soviet part) when DDR General Secretary Walter Ulbricht began to construct a permanent wall dividing East and West in August 1961. The East-West tension molded the mindset of many German nationals and other Europeans of the time, as well. The West, dominated by the United States, displayed enormous superiority in weaponry and technology, in general, as the Soviet Union struggled to recover from the ruins of war and chafed under ruinous authoritarian rule. As Hübner and his friends investigated ways of cracking Western computer systems and retrieving valuable data, they saw their activities as working to “equalize” the balance.

The idea was simple enough: they were hackers who could get into some of the world’s most sensitive computers. From those computers they could extract sensitive information, information they knew would interest the Soviets. What was more, they could provide the Soviets with some of the software they needed to catch up with the technologically more advanced West. Why shouldn’t the Soviets want to do business with them? Of course it was illegal. They all knew that. But in selling the Russians military and scientific information, they argued, they would be doing their part for world peace. A name for the project? Equalizer.

Hafner, Katie; Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier (p. 173). Touchstone/Simon & Schuster. Kindle Edition.

Hübner adopted the name Pengo from a heroic video game penguin, who pushed blocks of ice about to defeat adversaries. Of all the Equalizer group Pengo was the one who caught the attention of authorities when his associate Markus Hess cracked into computers at Lawrence Berkeley Laboratory. An astronomer then working as a computer system manager, Cliff Stoll, spotted the intrusion serendipitously:

One of his first assignments seemed simple enough: to reconcile a small accounting error that had shown up. LBL used some home-brewed accounting software, and the patchwork of programs, written by summer students over the years, had come up with a seventy-five-cent discrepancy between the normal system accounting and the lab’s own charging scheme. Cliff stayed at work until midnight puzzling over the mysterious seventy-five-cent error, which he suspected might be a computational rounding error.

After careful examination, he discovered it wasn’t a rounding error, but the work of an unauthorized person from outside the lab using the account of an LBL researcher who had left several months earlier. With characteristic gusto, Cliff became a self-appointed one-man SWAT team. He set up traps that captured the hacker’s every keystroke on a printer and alerted him every time the intruder was in the computer. He kept a detailed logbook, and he wrote a software program that tripped his pocket pager whenever the trespasser logged on. Before long, he was doing little else but tracking the uninvited guest. Occasionally he even slept in his sleeping bag on his office floor to keep a constant vigil over the hacker.

Hafner, Katie; Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier (p. 170). Touchstone/Simon & Schuster. Kindle Edition.

Stoll has written The Cuckoo’s Egg, a book detailing his weeks-long hunt for the intruder. A review will be on-line later this year. Stoll ultimately trapped Hess using a device concocted by his girlfriend:

It was Cliff Stoll’s girlfriend, Martha Matthews, who came up with a brilliant ruse to catch the intruders. Martha was a twenty-four-year-old Berkeley law student headed for a Supreme Court clerkship, her calm bearing an ideal counterweight to Stoll’s manic edge. If this rogue was so persistent in his pursuit of military data, she argued, then they should use his insatiable appetite to trap him. The idea was to round up volumes of government data, disguise it as secret military information, plant it in the LBL computer as bait, then entice the hacker by naming the false files something irresistible like “SDInet.”

Hafner, Katie; Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier (pp. 190-191). Touchstone/Simon & Schuster. Kindle Edition.

SDI in those days stood for Strategic Defense Initiative, a Reagan administration program, since much derided, to counter ICBM attacks from space. A Soviet spy would definitely be interested in this stuff. And Hess was interested:

Stoll set up the SDInet file so that only he and anyone posing as a system manager would have access to it. The next step was to sit back and wait for the intruder to log on.

A few days later, the hacker was back for a routine cruise of the LBL system. Within minutes, he noticed the SDInet file. And sure enough, he stayed interested for more than an hour. Soon thereafter, Stoll got word that the trace had been completed to a certain residence in Hannover. But he wasn’t given more details, and certainly not the hacker’s name.

Then, as if to provide positive proof that espionage was involved in this hacker’s activities, a few months later, well after the January 30 cutoff date, the lab received a letter addressed to Barbara Sherwin. The stationery letterhead said Triam International in Pittsburgh, Pennsylvania. The author of the letter was one Laszlo Balogh, and he asked for specific classified information that had been listed in the bogus SDInet file. Stoll decided that Laszlo Balogh must have had some connection with the hacker, since Stoll and the hacker were the only two people in the world who could get at the SDInet file. Stoll’s first call was to the FBI. He was told to find a glassine envelope, presumably to preserve fingerprints, and mail the letter at once to FBI headquarters.

Hafner, Katie; Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier (pp. 191-192). Touchstone/Simon & Schuster. Kindle Edition.

The ultimate trace identified Hess and resulted in the downfall of Project Equalizer. As it turned out, the group had never obtained classified data. Much of what they sold to their Soviet contact in East Berlin, Sergei, was material that could be obtained on the open market, and cheaper. Stoll went to Germany to testify at the trial:

In his conclusions to the court, presiding judge Spiller said he believed the hackers had indeed sold information out of military computers to the KGB, and that the KGB had probably found the information very interesting. But, he added, Sergei couldn’t have seen it as terribly valuable because he didn’t yield to the hackers’ demands for a million marks. In the end, all that hacker know-how went unappreciated, even by the Soviets.

Hafner, Katie; Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier (p. 250). Touchstone/Simon & Schuster. Kindle Edition.

RTM

In contrast to the other hackers featured in the book, Robert Tappan Morris grew up in a nurturing environment, one of three children of highly-rated computer scientist Bob Morris and his wife Anne, a Music graduate of Bryn Mawr College. After a highly successful career at Bell Laboratories, Bob Morris moved on to work in computer security at the secretive National Security Agency. Early on Robert T. Morris exceeded expectations, and the sky seemed to be the limit for him.

Much in contrast with Kevin Mitnick and Markus Hess, Robert Morris was completely absent of malice. His crime was no less earth-shattering:

Phil Lapsley, an engineering student at the University of California at Berkeley, was puzzled. No sooner had he logged in to a Sun Microsystems workstation than it was clear something was amiss.

Computers such as the Sun run dozens of programs at once, so it is routine for people like Lapsley who maintain them to peek periodically to see which programs are currently active. But on November 2, 1988 he saw, hidden among dozens of routine tasks, a small program controlled by an unusual user named daemon. Daemon is not the name of any particular human, but an apt label conventionally used for the utility programs that scurry around in the background and perform useful tasks. But this program was not one that Lapsley recognized.

“Is anyone running a job as daemon?” he asked the others in the “fishbowl,” room 199B at the Berkeley’s Experimental Computing Facility. People shook their heads. Then somebody else in the room pointed to one of the screens, where a program that monitored the status of various other computers in the department was displayed. Lapsley looked more closely and discovered that a number of people appeared to be trying to log in to other Berkeley computers. He decided it must be an attempted break-in. At least once a year, someone tried to break into the computers in Cory Hall, which houses the school’s prestigious electrical engineering department. The school year wouldn’t be complete otherwise.

Hafner, Katie; Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier (pp. 253-254). Touchstone/Simon & Schuster. Kindle Edition.

A horrific night was just beginning. A graduate student at Cornell University, Robert Morris was experimenting with a self-duplicating, self-spreading computer worm. On the evening of 2 November 1988 he set it loose on a lab system and went to dinner. But a coding mistake gave his creation powers Morris did not intend, and it became a Frankenstein monster out of control on computers connected to the Internet. Although the worm (Morris called it a virus) did no damage to computer files, its consumption of processor resources and its relentless attempts to crack into more systems quickly brought down on the order of 6000 systems. The damage done was in the form of lost productivity of the systems infected and the hours of work required to restore the systems.

A reporter at The New York Times eventually identified Robert Morris as the perpetrator:

The anonymous caller to The New York Times on Thursday afternoon made it clear that he didn’t want to disclose who had written the Internet virus. He just wanted to let the Times know that the person who had written it was a well-intentioned soul who had made a terrible mistake in the code.

The switchboard first routed the call to the paper’s national news desk.

“Uh, I know something about the virus that’s going around,” said the caller.

“What virus?” The editor sounded confused.

“The computer virus that’s crashing computers all over the country.”

“Give me your number and someone will call you back,” said the editor.

The editor gave the message and a telephone number to John Markoff, the paper’s computer reporter. Markoff had already heard about the incident. He had received a call at 10:00 that morning from Cliff Stoll, the Berkeley astronomer who had gumshoed his way to the bottom of the West German hacker case a year earlier. Stoll, who was now working at the Harvard-Smithsonian Center for Astrophysics, told Markoff he had been up the night battling the program, which had swamped fifty of the center’s machines. The reporter then spent the morning calling universities and research centers to see if they, too, had been infected. One of his calls was to an occasional contact at the National Security Agency. Markoff had called the NSA in the past on security-related stories, and he thought his contact there might tell him something about what was going on. But his contact wasn’t there and his call wasn’t returned.

Hafner, Katie; Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier (p. 260). Touchstone/Simon & Schuster. Kindle Edition.

As it was, Markoff’s contact at NSA was Bob Morris. Eventually, when Markoff identified Robert Morris as the perpetrator and noted the same last name, Bob Morris acknowledged the culpability of his son.

Prosecutors convinced Federal District Judge Howard Munson to disregard the absence of malice. The crime for which Robert Morris was charged and convicted was the intrusion itself, only recently classified as a crime. Early on, computer hacking (more properly, computer intrusion) was considered a sport among enthusiasts in the new technology.

With the more recent advent of malicious intent and actual damage, computer intrusion has ceased to be viewed as a sport. For those who consider they are doing a service by highlighting flaws in security, consideration should be made of a comparison. Suppose you have skimped on the key lock to your house, and some intruder makes use of this lapse and uses something like a bumping key to gain admission. He enters, doesn’t break anything, doesn’t take anything, and then leaves. It’s the same as computer intrusion.

That was all over 25 years ago. More recently the likes of Edward Snowden are considered heroes to some. He did expose a hole in national security, which hole may still be vulnerable. For this he gets no reward and is still on the hook for violating an agreement he signed up for when taking his job at an NSA contractor.

What is noteworthy about Snowden’s success is that it mirrors a recurring theme in the book. Snowden did not have access to the material he stole. He conned a co-worker, who did have access, into giving him access to the system holding the files. Kevin Mitnick, especially, made great use of personal skills in obtaining access. Often spoofing a bona fide worker, he would phone up and be given access by an unsuspecting account user.

To get onto Dockmaster, Kevin had found the name of someone outside of the NSA with a guest account. Posing as a technician at an NSA computer center, Kevin had telephoned the legitimate user and said he was issuing new passwords and needed some information: name, telephone and current password. It was an old trick that Kevin and Roscoe had refined together, and it usually worked like a charm.

Hafner, Katie; Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier (p. 79). Touchstone/Simon & Schuster. Kindle Edition.

Other times he would just wander into a computer center, show an innocent face, and gain access.

Weak passwords abound in this story. I used them early on in my career. Purple was a popular password of mine. Modern users, annoyed at having to choose passwords that incorporate mixed upper and lower case, numbers, and special symbols, might take heed. Modern thieves have a way around this and have automated Kevin Mitnick’s social engineering. The technique is called phishing, spelled after the same fashion as phreaking. An email is sent asking you to change your password, which requires supplying your current password. Of course your real password does not get changed, and the crooks use your real password for their own use. Susan Thunder was right. As long as people are involved, computer systems will never be completely secure.

Four years after the book came out Katie Hafner revisited the topic, and the latest edition has her epilogue. Kevin Mitnick did not reform, and following the completion of his sentence, he went back to his old ways. He was tracked down living in North Carolina and arrested again:

The records showed that the calls were coming from a local Netcom dial-in site in Raleigh. They were originating from a cellular telephone, hooked to a modem. As soon as possible, Shimomura was on a plane to Raleigh. By 1 A.M. on February 13, he was in the passenger seat of a Chevy Blazer driven by a Sprint cellular technician, his lap piled with scanning and homing equipment: a surveillance device he had rigged out of an Oki cell phone, a palmtop computer to control the Oki and the Sprint technician’s cellular scanner, which had a directional antenna for detecting signal strength, like a sophisticated geiger counter. Shimomura describes that part of the chase as trivial. “It’s like finding a lightbulb in the dark, or an avalanche beacon in the snow,” he said. “You walk toward where it’s brightest.”

Within thirty minutes, Shimomura had homed in on the Players Club apartments, a three-story complex near the airport. When he turned things over to the FBI to make the arrest, Shimomura advised the agents to move swiftly, to reduce the time Mitnick would have to destroy evidence. At 2 A.M. on February 15 the agents knocked on the door of apartment 202. It took Mitnick five minutes to open the door. When he did he demanded to see a search warrant. They had one, but for the wrong apartment. Prosecutors had called a federal magistrate to get a valid warrant, but the agents already were inside. Mitnick was under arrest.

Hafner, Katie; Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier (p. 362). Touchstone/Simon & Schuster. Kindle Edition.

I have no current information on Pengo or Hess, but Kevin Mitnick has since been employed as a security advisor. Robert Morris is a tenured professor at MIT.

Despite being about the computer industry, the book was obviously composed manually and later converted to Kindle by mechanical means. Clues show up in failures of the process. A number of examples of transcription errors are obvious.

For example on page 140, within a distance of two inches of each other, are alternate spellings of the name Headrick (Head-rick). Apparently a paper page with “Headrick” broken over a line ending by a hyphen was scanned, and the pieces were not reconnected in the final product.

On page 42 a PDP-8 computer becomes a PDR-8.

On page 65 the strange construction “that the. computers” appears.

And a number of other places. Possibly the publisher will employ an avid reader to scan and fix a few of these bugs.

3 thoughts on “Interlopers”

  1. Ah this is fascinating, even for a complete computer doofus like yours truly. I would not have let grifters like Mitnick off the hook so easily, however: he should have his salary garnished forever, to pay for the damage he’s done. Or keep him under lock & key. Or at least with the ankle bracelet, and the I.T. equivalent of a Sex Offender Register.
