Rolling Scam


In their book Cyberpunk, authors Katie Hafner and John Markoff chronicle three notorious cases of computer intrusion from the 1980s, the early days of computer networks. The story of Project Equalizer involves a collaboration of cyber punks, including Hans Heinrich Hübner, aka “Pengo,” and his collaborator Markus Hess. Hess brought down the group through his probing into American computer systems in search of military and trade secrets. The Cuckoo’s Egg is the tale by astronomer Cliff Stoll, working at the Lawrence Berkeley Laboratory, who noticed Hess’s activities and tracked him down.

It’s not just a story of a coming of age for computer intrusion awareness, but it’s also the story of astronomer Stoll’s coming to reconcile his naive world view. Not much is told of the author’s formative years, but by the time he was a 36-year-old post doc at UC Berkeley, he saw things through a short-focus lens that constricted his vision to preconceived notions born of political rhetoric. The Berkeley campus has since the 1960s epitomized radical, left-wing politics, and Stoll, when he came there from a Ph.D. program in Arizona, was apparently already shaped to fit in.

A post doc (post doctoral) position is a non-teaching job for a Ph.D. needing to do advanced work. The positions are typically not permanent, and when Stoll’s grant money ran out he retreated into a position managing the LBL computer system. As it turned out, scant hours into his new job, events launched Stoll into a career-bending trek through the underworld of cyber crime.

Directed to track down a $0.75 discrepancy in computer charges, Stoll lurched into the financial side of machine computation. In a facility such as LBL, computers are a service sold to users of the lab. Various research projects use lab facilities, and their research grants pay the costs of running the computer center. Billings are apportioned for computer cycles, memory space, disk space, and printing services used. Each billing cycle, projects that have accounts on the system are sent a bill. Only in this case, it appeared one user was shorting the system.

When Stoll investigated he discovered a user without an active account, and that user, sventek, was in the name of a researcher who had not been at LBL for a year. Some person was using computer facilities without authorization.
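The reconciliation described above can be sketched as a check that compares metered usage with the roster of billable accounts. This is an added example, not code from the book or from LBL; the record layout, the dates, the amounts and every name other than sventek, jason, eglin and morgan are constructed for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed system accounting records: (user, day, charge in cents).
USAGE = [
    ("jason",   date(1986, 8, 20), 1250),
    ("morgan",  date(1986, 8, 20),  430),
    ("sventek", date(1986, 8, 21),   50),
    ("sventek", date(1986, 8, 22),   25),
    ("eglin",   date(1986, 8, 22),  990),
]

# Constructed billing roster: user -> (project, date the holder left, or None).
ROSTER = {
    "jason":   ("astronomy", None),
    "morgan":  ("physics", None),
    "eglin":   ("chemistry", None),
    "sventek": ("physics", date(1985, 8, 1)),
}


def reconcile(usage, roster):
    """Compare what the system metered with what can actually be billed.

    Returns (discrepancy_cents, findings), with one finding per user whose
    usage cannot be charged to an active account.
    """
    metered = billed = 0
    orphans = defaultdict(lambda: {"cents": 0, "sessions": 0, "last_seen": None})
    reasons = {}
    for user, day, cents in usage:
        metered += cents
        entry = roster.get(user)
        if entry is None:
            reasons[user] = "no billing account"
        elif entry[1] is not None and day > entry[1]:
            reasons[user] = f"holder left {entry[1].isoformat()}"
        else:
            billed += cents          # active account: the charge is billable
            continue
        record = orphans[user]
        record["cents"] += cents
        record["sessions"] += 1
        if record["last_seen"] is None or day > record["last_seen"]:
            record["last_seen"] = day
    findings = [{"user": u, "reason": reasons[u], **orphans[u]}
                for u in sorted(orphans)]
    return metered - billed, findings


def alert_lines(findings):
    """Render each finding as a line an operator can act on."""
    return [
        f"ALERT {f['user']}: {f['sessions']} session(s), {f['cents']} cents "
        f"unbillable ({f['reason']}), last seen {f['last_seen'].isoformat()}"
        for f in findings
    ]


if __name__ == "__main__":
    discrepancy, findings = reconcile(USAGE, ROSTER)
    print(f"discrepancy: {discrepancy} cents")
    print("\n".join(alert_lines(findings)))
```

The point of the check is that a small unbillable remainder is treated as a lead to a dormant account, not written off as rounding.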

Astronomer turned system manager turned cyber sleuth Cliff Stoll documented his months-long quest for the elusive intruder, tracing him all the way back to Hannover, Germany. Along the way he learned the ins and outs of computer security, computer networking, data communications, governmental bureaucracy, and international law.

He set up a means to monitor the intruder’s actions without, himself, being detected by the intruder, and he watched the person’s activities. Alarmed, he observed the intruder using the LBL computer as a base for breaking into other computers at other locations, some as far away as Fort Buckner in Okinawa. Aghast, he observed the intruder penetrating computers operated by the secretive NSA.

Against his personal prejudices, he felt compelled to bring the case before the local office of the FBI. Surprise, they weren’t interested. They had bigger fish to fry. Their cutoff level was a $500,000 crime. Stoll ultimately found himself talking to, and involved with, the FBI, the CIA, the NSA, and military security services. Toward the end of his quest he was giving presentations at the highest levels of these offices at their Washington area headquarters.

Along the way Cliff Stoll pulled back the covers on some ugly truths about early computer security, some of which truths likely remain today. One is a method his intruder used to gain privileged use of the system.

GNU-Emacs is a file editor still in use and still popular with computer programmers. A feature of GNU-Emacs allows the user editing a file to forward a file by mail to another user. Once received, it would place the file in a specified directory without verifying the user had the privilege to write to that directory. The intruder used this mechanism to transfer a bogus atrun program file to a region giving it super user privilege. Once the transfer was accomplished, the UNIX operating system would execute the program, which was set to grant super user privileges to sventek. Super user privileges in a UNIX system place no restrictions on what an account can do.

Another thing Stoll observed was the intruder cracking passwords to log into other systems. This was made possible by users who selected account passwords found in an English dictionary. The intruder did this:

Using super user privilege, copy the password file to the intruder’s own computer. The password file looked something like this:

jason bdrxkdfjerrtuopqz
eglin  aakrddfblrnwpdof
morgan adrfdbxzporkwntf

And so on. There is a list of user names followed by encrypted passwords. When a user logs in he sees something like this:

login: jason
password: purple

The user supplies the login name and the password, shown in italics here. The password, purple, goes to the computer. The computer executes the encryption process against the password and compares the result with its encrypted copy. It does not save the bare password, so nobody can come back later and find the bare password on the computer.

The problem is, with a copy of the password file on the intruder’s computer, the intruder can, at his leisure, compute the encryption of each word from an English dictionary and match the result against the encrypted password in the file. Once he finds an English word that produces a match, the intruder saves the cleartext password for later use. The process can be automated, requiring about one second to encrypt each password for a VAX computer of those days. Guess what, today’s PCs are about 1000 times as fast as those VAXes. To shorten the turn around time, the intruder would likely execute the encryption algorithm once for a dictionary (about 100,000 words) and save the result for later use.

This only works if a user selects an English word. Any variation, random combinations of letters, mixed upper and lower case, the inclusion of numbers and special characters, would defeat this approach by making the search intractable. The sad fact, as Stoll discovered, is many users stuck with easy to remember English words, and the intruder sailed right into their accounts.
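From the defender's side, the weakness described above can be measured and closed. The following is an added example, not code from the book: it audits a password file the way a system manager would, shows why a per-user salt makes a table computed once for the whole dictionary useless, and rejects dictionary words when a password is set. The unsalted SHA-256 function is an assumed stand-in for the scheme as this review describes it, and the word list, the passwords other than purple and all function names are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumption: PBKDF2 work factor chosen for this example

# Constructed stand-in for the ~100,000-word English dictionary.
WORDLIST = ["apple", "purple", "orange", "service", "window"]

# Constructed accounts; only jason's password "purple" appears on the page.
PLAINTEXT = {"jason": "purple", "eglin": "purple", "morgan": "k9#Vt!2qLx"}


def fast_unsalted(password: str) -> str:
    """Assumed stand-in for the scheme as described: one fast hash, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_slow(password: str, salt: bytes = None):
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Login check against a salted record, compared in constant time."""
    return hmac.compare_digest(salted_slow(password, salt)[1], digest)


def precompute(wordlist):
    """The 'encrypt the dictionary once and save the result' table."""
    return {fast_unsalted(word): word for word in wordlist}


def audit_unsalted(password_file, table):
    """Accounts whose stored hash appears in the precomputed table."""
    return {user: table[h] for user, h in password_file.items() if h in table}


def is_acceptable(password: str, wordlist=WORDLIST, min_length: int = 10) -> bool:
    """Set-time policy: refuse short passwords and dictionary words,
    including a dictionary word with digits appended."""
    core = password.lower().rstrip("0123456789")
    return len(password) >= min_length and core not in wordlist


if __name__ == "__main__":
    table = precompute(WORDLIST)
    old_file = {u: fast_unsalted(p) for u, p in PLAINTEXT.items()}
    print("exposed under the unsalted scheme:", audit_unsalted(old_file, table))

    new_file = {u: salted_slow(p) for u, p in PLAINTEXT.items()}
    hits = [u for u, (_, d) in new_file.items() if d.hex() in table]
    print("table hits against salted records:", hits)
    print("jason and eglin share a record:",
          new_file["jason"][1] == new_file["eglin"][1])
    print("policy accepts 'purple':", is_acceptable("purple"))
```

Salting and a slow function only raise the cost per guess; a dictionary word is still a dictionary word, which is why the set-time check matters as much as the storage format.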

Worse yet, many system managers either retained default passwords for privileged accounts when they set up computer systems, or else they left privileged accounts wide open, requiring no password for access. A sample session recorded by Stoll shows the intruder breaking into a military computer by using the default password of a privileged account running on VMS:

Username: FIELD
Password: SERVICE

WELCOME TO THE AIR FORCE SYSTEM COMMAND— SPACE DIVISION VAX/ VMS 4.4
IMPORTANT NOTICE
Computer System problems should be directed to the Information Systems
Customer Service Section located in building 130, room 2359.
Phone 643-2177/ AV 833-2177.

Last interactive login on Thursday, 11-DEC-1986 19: 11
Last non-interactive login on Tuesday, 2-DEC-1986 17: 30

WARNING— Your password has expired; update immediately with SET PASSWORD

Stoll, Clifford. CUCKOO’S EGG (p. 228). Knopf Doubleday Publishing Group. Kindle Edition.

The message indicates the field service account has not been used since 11 December and that the password has expired. Many systems have the feature to expire passwords, hopefully forcing users to change them periodically. In this case, the intruder was so bent on going after something on this system that he forgot to renew the password before logging off. Once he logged off he was unable to log back on. The irony is that Stoll contacted the Air Force System Command about the intrusion and was promised the matter would be taken care of. How the matter was handled was that word was passed down to system administrators that the field service password had expired. The manager of this system then reset the password: to SERVICE! The intruder was subsequently able to log onto the system at a later date! This kind of mindless system management was observed throughout Stoll’s adventure with the German intruder.
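The failure described above, an expired default password reset to the same default, is one a password-change routine can refuse outright. This is an added example, not code from the book or from VMS: the Account class, its history depth and the case-folding rule are assumptions, and FIELD/SERVICE is the only default pair taken from the page.

```python
import hashlib
import hmac
import os

# The vendor default shown in the session above; extend with the defaults of
# whatever systems are actually deployed.
VENDOR_DEFAULTS = {("FIELD", "SERVICE")}
HISTORY_DEPTH = 5      # assumption: how many earlier passwords are remembered
ITERATIONS = 50_000    # assumption: PBKDF2 work factor for this example


class PolicyError(ValueError):
    """Raised when a proposed password must be refused."""


def _kdf(password: str, salt: bytes) -> bytes:
    # Passwords are folded to upper case, modelling a case-insensitive login.
    return hashlib.pbkdf2_hmac("sha256", password.upper().encode(), salt,
                               ITERATIONS)


class Account:
    def __init__(self, username: str, shipped_password: str):
        # The constructor models the vendor install, so it bypasses the policy.
        self.username = username
        self.history = []            # (salt, digest) pairs, newest last
        self._store(shipped_password)

    def _store(self, password: str) -> None:
        salt = os.urandom(16)
        self.history.append((salt, _kdf(password, salt)))
        del self.history[:-HISTORY_DEPTH]   # keep only the newest entries

    @staticmethod
    def _matches(password: str, record) -> bool:
        salt, digest = record
        return hmac.compare_digest(_kdf(password, salt), digest)

    def check(self, password: str) -> bool:
        """Would this password log in right now?"""
        return self._matches(password, self.history[-1])

    def set_password(self, new_password: str) -> None:
        """Change or reset the password, refusing defaults and reuse."""
        if (self.username.upper(), new_password.upper()) in VENDOR_DEFAULTS:
            raise PolicyError("vendor default password refused")
        if any(self._matches(new_password, rec) for rec in self.history):
            raise PolicyError("password was used before on this account")
        self._store(new_password)


def accounts_with_defaults(accounts):
    """Audit: names of accounts that still accept a vendor default password."""
    return [a.username for a in accounts
            if any(a.username.upper() == user and a.check(pw)
                   for user, pw in VENDOR_DEFAULTS)]


if __name__ == "__main__":
    field = Account("FIELD", "SERVICE")
    print("still on defaults:", accounts_with_defaults([field]))
    try:
        field.set_password("SERVICE")      # the reset described above
    except PolicyError as err:
        print("reset refused:", err)
```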

The story includes comedy as well as drama. Stoll set himself up with a pager to notify him whenever the intruder logged onto his computer. The pager barged in at the most inopportune times:

In the shower, I felt revived. Martha sudsed my back while I basked in hot water. Maybe the wholesome rustic life wasn’t so bad after all.

Martha was in the midst of shampooing my hair when the nasty whine of my beeper, buried in a pile of clothing, destroyed our peace. Martha groaned and started to protest: “Don’t you dare.…”

Too late. I jumped out of the shower and ran to the living room, switched on my Macintosh, and called the lab computer. Sventek.

A second later, I’m talking to Steve White at his home. “He’s here, Steve.”

“OK. I’ll trace him and call Frankfurt.”

A moment later, Steve’s back on the line.

“He’s gone. The hacker was here a moment ago, but he’s disconnected already. No use calling Germany now.”

Damn. I stood there in utter frustration; stark naked, wet and shivering, standing in a puddle in our dining room, dripping blobs of shampoo onto my computer’s keyboard.

Claudia had been practicing Beethoven, but startled by the sight of her roommate charging, naked, into the living room, she’d put down her violin and stared. Then she laughed and played a few bars of a burlesque tune. I tried to respond with a bump and grind, but was too obsessed with the hacker to pull it off.

I wandered sheepishly back into the bathroom. Martha glowered at me, then relented and pulled me into the shower again, under the hot water.

Stoll, Clifford. CUCKOO’S EGG (p. 255). Knopf Doubleday Publishing Group. Kindle Edition.

The shower incident inspired a suggestion from their roommate Claudia. Why not set a trap for the intruder? The trap involved creating a large amount of phony documentation on Stoll’s computer, documentation that alluded to SDI, the Strategic Defense Initiative popular with the Reagan administration at the time.

The intruder bought into it completely and downloaded massive quantities of useless data, requiring him to stay on line for hours while his connection back to Hannover was traced. Additionally, the documentation included a notice to contact the phony “Barbara Sherwin” at LBL for additional information. Weeks later, after Markus Hess had been arrested, Laszlo Balogh of Pittsburgh, Pennsylvania, sent a letter to “Barbara Sherwin,” requesting additional documentation. The trap was well and truly sprung. The intruder was the only person in the outside world who knew about “Barbara Sherwin.”

In all this Cliff Stoll was constantly stymied by lack of support from government agencies. Even after the FBI, CIA, NSA, and military security became involved in the case, no government funds were forthcoming to support the investigative activities at LBL. The government Department of Energy, which had taken over production of nuclear weapons and nuclear power following World War Two, funded LBL, and Stoll was, from time to time, cleared to continue working nearly full time on the project.

As the case wound down, Stoll could get no information about the intruder from government sources. It was as though he were plugging coins into a vending machine and not getting anything out. A visit to Washington to give lectures on the case culminated with a scheduled lecture at CIA headquarters in Langley. It turned out to be a presentation of a different kind:

So this is the meeting. It turns out that the seventh floor is the hide-out for the CIA’s high-muckity-mucks. Hank Mahoney’s the CIA’s deputy director; grinning nearby was Bill Donneley, the assistant director, and a couple others.

“You mean that you’ve heard about this case?”

“We’ve been following it daily. Of course, this case alone may not seem like much. But it represents a serious problem for the future. We appreciate your taking the effort to keep us informed.” They presented me with a certificate of appreciation— wrapped up like a diploma.

I didn’t know what to say, so I stammered out my thanks and looked at Teejay, who was chuckling. Afterward, he said, “We wanted to keep it a surprise.”

Surprise? Jeez— I’d expected to walk into a room of programmers and give a shoptalk on network security. I glanced at the certificate. It was signed by William Webster, director of the CIA.

Stoll, Clifford. CUCKOO’S EGG (pp. 319-320). Knopf Doubleday Publishing Group. Kindle Edition.

The book concludes with an epilogue, with Cliff and Martha, companions and lovers for over eight years, getting married and moving to the Boston area, where Martha obtained a clerkship at federal court. There, Cliff got involved again when the RTM worm of November 1988 hit his and about 2000 other systems on the Internet. One of the people he contacted early on was Bob Morris at the NSA, a computer security expert he had worked with while chasing the German intruder. Ironically, it turned out the person behind the notorious worm attack was Robert T. Morris, Bob Morris’s son, then studying at Cornell.

The book ends without telling of Stoll’s testimony in Germany in the prosecution of Markus Hess, Pengo, and others. In the end it was determined the Project Equalizer gang had only sold worthless information to the Soviets, and they received light sentences. One, Karl Koch, who used the nom de guerre Hagbard, was a mentally disturbed drug addict who apparently killed himself:

Hagbard was last seen alive on May 23, 1989. In an isolated forest outside of Hannover, police found his charred bones next to a melted can of gasoline. A borrowed car was parked nearby, keys still in the ignition.

Stoll, Clifford. CUCKOO’S EGG (p. 369). Knopf Doubleday Publishing Group. Kindle Edition.

One of the tremendous rewards of working at places like LBL is the opportunity to rub shoulders with the brighter lights of human society.

 

Depressed, I shuffled to lunch. At the LBL cafeteria, Luis Alvarez sat down across from me. Inventor, physicist, and Nobel Laureate, Luie was the twentieth-century Renaissance man. He didn’t waste time on bureaucracy; he demanded results.

“How’s astronomy?” Even from the stratosphere, Alvarez still found time to talk to pipsqueaks like me. “Still building that telescope?”

Stoll, Clifford. CUCKOO’S EGG (p. 105). Knopf Doubleday Publishing Group. Kindle Edition.

Luis Alvarez was awarded the Nobel Prize in Physics in 1968 for his work on particle physics. He is also credited with proposing an asteroid collision as a contributor to the extinction of dinosaurs 65 million years ago. We saw him featured in Richard Rhodes’ book The Making of the Atomic Bomb:

It’s about people who have already won a Nobel Prize getting dirty and carrying blocks of sooty graphite and packages of uranium compound into the lab. It’s (future Nobel winner) Luis Alvarez first learning of induced fission while reading the San Francisco Chronicle in a barber’s chair and rushing off to his lab, with an unfinished hair cut. It’s General Groves putting a tail on Robert Oppenheimer and learning that the married director of the Manhattan Project science team spent the night with an ex-girlfriend, who was an avowed communist.

In reviewing Kindle editions I sometimes find problems with books that have been transcribed from hard copy. Often transliteration errors, due to failures of the OCR system, show up. That didn’t explain this strange construction I found on page 308:

But according to Marv, this guy less did it in three weeks.

 


Interlopers


Update

This entry has been corrected to reflect that Pengo’s associate Markus Hess was the key hacker in the Project Equalizer episode.

A headline from a few years back:

New York Times Hacked: Website Back To Normal After Outage

08/29/2013 09:49 am ET | Updated Aug 29, 2013

The New York Times website was back up on Wednesday after what appeared to be an attack by the Syrian Electronic Army.

The website went down for most users Tuesday afternoon. The newspaper revealed shortly after the outage struck that it had been hit by “a malicious external attack.” The Syrian Electronic Army, the pro-Assad group that has targeted numerous news outlets in recent months, claimed responsibility for the attack.

Before there was ISIL, before there was the Syrian Electronic Army, before there was the World Wide Web, there was Cyberpunk.

In the historical study by Katie Hafner and John Markoff, Kevin Mitnick is a sociopathic night stalker, prowling at first America’s telephone networks and ultimately computer centers at the highest levels. Hans Heinrich Hübner, aka “Pengo,” is a disaffected youth coming of age in Cold War Berlin and turning to computer crime with visions of grandeur. Robert T. Morris is a computer genius on the elevator to greatness before being seduced into the world of computer meddling. They are all cyberpunks:

Cyberpunk is a subgenre of science fiction in a future setting that tends to focus on the society of the proverbial “high tech low life” featuring advanced technological and scientific achievements, such as information technology and cybernetics, juxtaposed with a degree of breakdown or radical change in the social order.

Cyberpunk plots often center on conflict among artificial intelligences, hackers, and among megacorporations, and tend to be set in a future Earth, rather than in the far-future settings or galactic vistas found in novels such as Isaac Asimov‘s Foundation or Frank Herbert‘s Dune. The settings are usually post-industrial dystopias but tend to feature extraordinary cultural ferment and the use of technology in ways never anticipated by its original inventors (“the street finds its own uses for things”). Much of the genre’s atmosphere echoes film noir, and written works in the genre often use techniques from detective fiction.

Hafner and Markoff came out with their book in 1991, shortly after computer intrusion began to hit the national news in the 1980s. Headlines such as the one above are commonplace now, showing that these three cases of computer intrusion were just the camel’s nose. Darker things were to come.

So much of what the book is about is today passé. Technology has swept over the world of computer intrusion like an ocean wave, leaving anybody reading the book today marveling at the quaintness of it all. I’m not going to dissect the book. I will just run through the three episodes, giving interested readers a taste of a world gone by.

The book is three almost independent stories:

Kevin: The Dark-Side Hacker

A dysfunctional family is not essential to the creation of a social misfit, but in Kevin Mitnick’s case it was a kindly assist:

Kevin was the kind of kid who would be picked last for a school team. His oversize plaid shirts were seldom tucked in, and his pear-shaped body was so irregular that any blue jeans would be an imperfect fit. His seventeen years hadn’t been easy. When Kevin was three, his parents separated. His mother, Shelly, got a job as a waitress at a local delicatessen and embarked on a series of new relationships. Every time Kevin started to get close to a new father, the man disappeared. Kevin’s real father was seldom in touch; he remarried and had another son, athletic and good-looking. During Kevin’s junior high school years, just as he was getting settled into a new school, the family moved. It wasn’t surprising that Kevin looked to the telephone for solace.

Susan and Kevin didn’t get along from the start. Kevin had no use for Susan, and Susan saw him as a hulking menace with none of Roscoe’s charm. What was more, he seemed to have a malicious streak that she didn’t see in Roscoe. This curiously oafish friend of Roscoe’s always seemed to be busy carrying out revenge of one sort or another, cutting off someone’s phone service or harassing people over the amateur radio. At the same time, Kevin was a master of the soothing voice who aimed at inspiring trust, then cooperation. Kevin used his silken entreaties to win over even the most skeptical keepers of passwords. And he seemed to know even more about the phone system than Roscoe. Kevin’s most striking talent was his photographic memory. Presented with a long list of computer passwords for a minute or two, an hour later Kevin could recite the list verbatim.

Hafner, Katie; Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier (p. 26). Touchstone/Simon & Schuster. Kindle Edition.

Susan was likewise a product of a shattered family life, quickly growing to a statuesque six feet and early on gaining success as a prostitute. One thing she shared with Kevin and others of the gang was strength in social engineering. A key to success for these early break-in artists was the ability to talk themselves into safely-guarded systems and to cajole others into surrendering secret passwords.

Susan liked to illustrate her belief with the following scenario: Take a computer and put it in a bank vault with ten-foot-thick walls. Power it up with an independent source, with a second independent source for backup. Install a combination lock on the door, along with an electronic beam security system. Give one person access to the vault. Then give one more person access to that system and security is cut in half. With a second person in the picture, Susan said, she could play the two against each other. She could call posing as the secretary of one person, or as a technician in for repair at the request of the other. She could conjure dozens of ruses for using one set of human foibles against another. And the more people with access the better. In the military, hundreds of people have access. At corporations, thousands do. “I don’t care how many millions of dollars you spend on hardware,” Susan would

Hafner, Katie; Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier (p. 61). Touchstone/Simon & Schuster. Kindle Edition.

Kevin early gained notoriety as a ham radio abuser. This attracted the attention of Roscoe, leading to a collaboration that came to be called the Roscoe Gang. It comprised Roscoe, Kevin Mitnick, Susan Thunder, and ultimately Lenny DiCicco. The early interest of Kevin and Roscoe was phone phreaking:

Phreaking is a slang term coined to describe the activity of a culture of people who study, experiment with, or explore, telecommunication systems, such as equipment and systems connected to public telephone networks. The term phreak is a sensational spelling of the word freak with the ph- from phone, and may also refer to the use of various audio frequencies to manipulate a phone system. Phreak, phreaker, or phone phreak are names used for and by individuals who participate in phreaking.

The term first referred to groups who had reverse engineered the system of tones used to route long-distance calls. By re-creating these tones, phreaks could switch calls from the phone handset, allowing free calls to be made around the world. To ease the creation of these tones, electronic tone generators known as blue boxes became a staple of the phreaker community, including future Apple Inc. cofounders Steve Jobs and Steve Wozniak.

What is most ironic is that Apple Computer, a company notorious for initiating lawsuits over copyright infringement, was started by two individuals engaged in this parallel, illegal, enterprise.

From stealing time from the telephone company, Kevin migrated into computer intrusion. At this he became famously adroit, a prime tool being his aforementioned social engineering skills. What eventually brought Kevin down was his vituperative mindset, the same that gained him attention in ham radio circles. He invested enormous enterprise and took great satisfaction in rendering unto those he considered had done him wrong or had otherwise disparaged him. When he screwed over Lenny, Lenny returned the kindness by dropping a dime on Kevin. I cringe at the term, now completely obsoleted by the advent of modern telephone systems. The curtain fell this way:

Kevin was taken completely by surprise. The broad grin on Lenny’s face left him confounded. The FBI agents jumped out of their cars and shouted to Kevin that he was under arrest. They demanded that Kevin put his hands up and lean against the car. Kevin laughed a tight little laugh. “You guys aren’t from the FBI. Show me your folds.” Six large FBI identification folds emerged.

Kevin looked at Lenny, who was dancing in little circles and laughing. “Len, why’d you do this to me?”

“Because you fucked me over” came Lenny’s reply.

The agents hustled Kevin into one of the cars.

“Lenny!” Kevin cried out. “Could you call my mom and tell her I’ve been arrested?”

Ignoring the plea, Lenny turned to Chris Headrick and smiled. [Headrick] nodded approvingly. “You did so well you should be in my business.”

Hafner, Katie; Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier (pp. 136-140). Touchstone/Simon & Schuster. Kindle Edition.

Pengo and Project Equalizer

It’s interesting how the word “equalizer” crept in. Hübner was born to parents who were just lucky to be in West Berlin (the non-Soviet part) when DDR General Secretary Walter Ulbricht began to construct a permanent wall dividing East and West in August 1961. The East-West tension molded the mindset of many German nationals and other Europeans of the time, as well. The West, dominated by the United States, displayed enormous superiority in weaponry and technology, in general, as the Soviet Union struggled to recover from the ruins of war and chafed under ruinous authoritarian rule. As Hübner and his friends investigated ways of cracking Western computer systems and retrieving valuable data, they saw their activities as working to “equalize” the balance.

The idea was simple enough: they were hackers who could get into some of the world’s most sensitive computers. From those computers they could extract sensitive information, information they knew would interest the Soviets. What was more, they could provide the Soviets with some of the software they needed to catch up with the technologically more advanced West. Why shouldn’t the Soviets want to do business with them? Of course it was illegal. They all knew that. But in selling the Russians military and scientific information, they argued, they would be doing their part for world peace. A name for the project? Equalizer.

Hafner, Katie; Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier (p. 173). Touchstone/Simon & Schuster. Kindle Edition.

Hübner adopted Pengo from a heroic video game penguin, who pushed blocks of ice about to defeat adversaries. Of all the Equalizer group Pengo was the one who caught the attention of authorities when his associate Markus Hess cracked into computers at Lawrence Berkeley Laboratory. An astronomer then working as a computer system manager, Cliff Stoll, spotted the intrusion serendipitously:

One of his first assignments seemed simple enough: to reconcile a small accounting error that had shown up. LBL used some home-brewed accounting software, and the patchwork of programs, written by summer students over the years, had come up with a seventy-five-cent discrepancy between the normal system accounting and the lab’s own charging scheme. Cliff stayed at work until midnight puzzling over the mysterious seventy-five-cent error, which he suspected might be a computational rounding error.

After careful examination, he discovered it wasn’t a rounding error, but the work of an unauthorized person from outside the lab using the account of an LBL researcher who had left several months earlier. With characteristic gusto, Cliff became a self-appointed one-man SWAT team. He set up traps that captured the hacker’s every keystroke on a printer and alerted him every time the intruder was in the computer. He kept a detailed logbook, and he wrote a software program that tripped his pocket pager whenever the trespasser logged on. Before long, he was doing little else but tracking the uninvited guest. Occasionally he even slept in his sleeping bag on his office floor to keep a constant vigil over the hacker.

Hafner, Katie; Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier (p. 170). Touchstone/Simon & Schuster. Kindle Edition.

Stoll has written The Cuckoo’s Egg, a book detailing his weeks-long hunt for the intruder. A review will be on-line later this year. Stoll ultimately trapped Hess using a device concocted by his girlfriend:

It was Cliff Stoll’s girlfriend, Martha Matthews, who came up with a brilliant ruse to catch the intruders. Martha was a twenty-four-year-old Berkeley law student headed for a Supreme Court clerkship, her calm bearing an ideal counterweight to Stoll’s manic edge. If this rogue was so persistent in his pursuit of military data, she argued, then they should use his insatiable appetite to trap him. The idea was to round up volumes of government data, disguise it as secret military information, plant it in the LBL computer as bait, then entice the hacker by naming the false files something irresistible like “SDInet.”

Hafner, Katie; Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier (pp. 190-191). Touchstone/Simon & Schuster. Kindle Edition.

SDI in those days stood for Strategic Defense Initiative, a Reagan administration program, since much derided, to counter ICBM attacks from space. A Soviet spy would definitely be interested in this stuff. And Hess was interested:

Stoll set up the SDInet file so that only he and anyone posing as a system manager would have access to it. The next step was to sit back and wait for the intruder to log on.

A few days later, the hacker was back for a routine cruise of the LBL system. Within minutes, he noticed the SDInet file. And sure enough, he stayed interested for more than an hour. Soon thereafter, Stoll got word that the trace had been completed to a certain residence in Hannover. But he wasn’t given more details, and certainly not the hacker’s name.

Then, as if to provide positive proof that espionage was involved in this hacker’s activities, a few months later, well after the January 30 cutoff date, the lab received a letter addressed to Barbara Sherwin. The stationery letterhead said Triam International in Pittsburgh, Pennsylvania. The author of the letter was one Laszlo Balogh, and he asked for specific classified information that had been listed in the bogus SDInet file. Stoll decided that Laszlo Balogh must have had some connection with the hacker, since Stoll and the hacker were the only two people in the world who could get at the SDInet file. Stoll’s first call was to the FBI. He was told to find a glassine envelope, presumably to preserve fingerprints, and mail the letter at once to FBI headquarters.

Hafner, Katie; Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier (pp. 191-192). Touchstone/Simon & Schuster. Kindle Edition.

The ultimate trace identified Hess and resulted in the downfall of Project Equalizer. As it turned out, the group had never obtained classified data. Much of what they sold to their Soviet contact in East Berlin, Sergei, was material that could be obtained on the open market, and cheaper. Stoll went to Germany to testify at the trial:

In his conclusions to the court, presiding judge Spiller said he believed the hackers had indeed sold information out of military computers to the KGB, and that the KGB had probably found the information very interesting. But, he added, Sergei couldn’t have seen it as terribly valuable because he didn’t yield to the hackers’ demands for a million marks. In the end, all that hacker know-how went unappreciated, even by the Soviets.

Hafner, Katie; Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier (p. 250). Touchstone/Simon & Schuster. Kindle Edition.

RTM

In contrast to the other hackers featured in the book, Robert Tappan Morris grew up in a nurturing environment, one of three children of highly-rated computer scientist Bob Morris and his wife Anne, a Music graduate of Bryn Mawr College. After a highly successful career at Bell Laboratories, Bob Morris moved on to work in computer security at the secretive National Security Agency. Early on Robert T. Morris exceeded expectations, and the sky seemed to be the limit for him.

In sharp contrast to Kevin Mitnick and Markus Hess, Robert Morris acted entirely without malice. His crime was no less earth-shattering:

Phil Lapsley, an engineering student at the University of California at Berkeley, was puzzled. No sooner had he logged in to a Sun Microsystems workstation than it was clear something was amiss.

Computers such as the Sun run dozens of programs at once, so it is routine for people like Lapsley who maintain them to peek periodically to see which programs are currently active. But on November 2, 1988 he saw, hidden among dozens of routine tasks, a small program controlled by an unusual user named daemon. Daemon is not the name of any particular human, but an apt label conventionally used for the utility programs that scurry around in the background and perform useful tasks. But this program was not one that Lapsley recognized.

“Is anyone running a job as daemon?” he asked the others in the “fishbowl,” room 199B at Berkeley’s Experimental Computing Facility. People shook their heads. Then somebody else in the room pointed to one of the screens, where a program that monitored the status of various other computers in the department was displayed. Lapsley looked more closely and discovered that a number of people appeared to be trying to log in to other Berkeley computers. He decided it must be an attempted break-in. At least once a year, someone tried to break into the computers in Cory Hall, which houses the school’s prestigious electrical engineering department. The school year wouldn’t be complete otherwise.

Hafner, Katie; Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier (pp. 253-254). Touchstone/Simon & Schuster. Kindle Edition.

A horrific night was just beginning. A graduate student at Cornell University, Robert Morris was experimenting with a self-duplicating, self-spreading computer worm. On the evening of 2 November 1988 he set it loose on a lab system and went to dinner. But a coding mistake gave his creation powers Morris did not intend, and it became a Frankenstein monster out of control on computers connected to the Internet. Although the worm (Morris called it a virus) did no damage to computer files, its consumption of processor resources and its relentless attempts to crack into more systems quickly brought down on the order of 6000 systems. The damage done was in the form of lost productivity of the systems infected and the hours of work required to restore the systems.

A reporter at The New York Times eventually identified Robert Morris as the perpetrator:

The anonymous caller to The New York Times on Thursday afternoon made it clear that he didn’t want to disclose who had written the Internet virus. He just wanted to let the Times know that the person who had written it was a well-intentioned soul who had made a terrible mistake in the code.

The switchboard first routed the call to the paper’s national news desk.

“Uh, I know something about the virus that’s going around,” said the caller.

“What virus?” The editor sounded confused.

“The computer virus that’s crashing computers all over the country.”

“Give me your number and someone will call you back,” said the editor.

The editor gave the message and a telephone number to John Markoff, the paper’s computer reporter. Markoff had already heard about the incident. He had received a call at 10:00 that morning from Cliff Stoll, the Berkeley astronomer who had gumshoed his way to the bottom of the West German hacker case a year earlier. Stoll, who was now working at the Harvard-Smithsonian Center for Astrophysics, told Markoff he had been up the night battling the program, which had swamped fifty of the center’s machines. The reporter then spent the morning calling universities and research centers to see if they, too, had been infected. One of his calls was to an occasional contact at the National Security Agency. Markoff had called the NSA in the past on security-related stories, and he thought his contact there might tell him something about what was going on. But his contact wasn’t there and his call wasn’t returned.

Hafner, Katie; Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier (p. 260). Touchstone/Simon & Schuster. Kindle Edition.

As it was, Markoff’s contact at NSA was Bob Morris. Eventually, when Markoff identified Robert Morris as the perpetrator and noted the same last name, Bob Morris acknowledged the culpability of his son.

Prosecutors convinced Federal District Judge Howard Munson to disregard the absence of malice. The crime for which Robert Morris was charged and convicted was the intrusion itself, only recently classified as a crime. Early on, computer hacking (more properly, computer intrusion) was considered a sport among enthusiasts in the new technology.

With the more recent advent of malicious intent and actual damage, computer intrusion has ceased to be viewed as a sport. Those who consider that they are doing a service by highlighting flaws in security should consider a comparison. Suppose you have skimped on the key lock to your house, and some intruder makes use of this lapse and uses something like a bumping key to gain admission. He enters, doesn’t break anything, doesn’t take anything, and then leaves. It’s the same as computer intrusion.

That was all over 25 years ago. More recently the likes of Edward Snowden are considered heroes to some. He did expose a hole in national security, which hole may still be vulnerable. For this he gets no reward and is still on the hook for violating an agreement he signed up for when taking his job at an NSA contractor.

What is noteworthy about Snowden’s success is that it mirrors a recurring theme in the book. Snowden did not have access to the material he stole. He conned a co-worker, who did have access, into giving him access to the system holding the files. Kevin Mitnick, especially, made great use of personal skills in obtaining access. Often spoofing a bona fide worker, he would phone up and be given access by an unsuspecting account user.

To get onto Dockmaster, Kevin had found the name of someone outside of the NSA with a guest account. Posing as a technician at an NSA computer center, Kevin had telephoned the legitimate user and said he was issuing new passwords and needed some information: name, telephone and current password. It was an old trick that Kevin and Roscoe had refined together, and it usually worked like a charm.

Hafner, Katie; Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier (p. 79). Touchstone/Simon & Schuster. Kindle Edition.

Other times he would just wander into a computer center, show an innocent face, and gain access.

Weak passwords abound in this story. I used them early on in my career. Purple was a popular password of mine. Modern users, annoyed at having to choose passwords that incorporate mixed upper and lower case, numbers, and special symbols, might take heed. Modern thieves have a way around this and have automated Kevin Mitnick’s social engineering. The technique is called phishing, spelled after the same fashion as phreaking. An email is sent asking you to change your password, which requires supplying your current password. Of course your real password does not get changed, and the crooks use your real password for their own use. Susan Thunder was right. As long as people are involved, computer systems will never be completely secure.

Four years after the book came out, Katie Hafner revisited the topic, and the latest edition has her epilogue. Kevin Mitnick did not reform, and following the completion of his sentence, he went back to his old ways. He was tracked down living in North Carolina and arrested again:

The records showed that the calls were coming from a local Netcom dial-in site in Raleigh. They were originating from a cellular telephone, hooked to a modem. As soon as possible, Shimomura was on a plane to Raleigh. By 1 A.M. on February 13, he was in the passenger seat of a Chevy Blazer driven by a Sprint cellular technician, his lap piled with scanning and homing equipment: a surveillance device he had rigged out of an Oki cell phone, a palmtop computer to control the Oki and the Sprint technician’s cellular scanner, which had a directional antenna for detecting signal strength, like a sophisticated geiger counter. Shimomura describes that part of the chase as trivial. “It’s like finding a lightbulb in the dark, or an avalanche beacon in the snow,” he said. “You walk toward where it’s brightest.”

Within thirty minutes, Shimomura had homed in on the Players Club apartments, a three-story complex near the airport. When he turned things over to the FBI to make the arrest, Shimomura advised the agents to move swiftly, to reduce the time Mitnick would have to destroy evidence. At 2 A.M. on February 15 the agents knocked on the door of apartment 202. It took Mitnick five minutes to open the door. When he did he demanded to see a search warrant. They had one, but for the wrong apartment. Prosecutors had called a federal magistrate to get a valid warrant, but the agents already were inside. Mitnick was under arrest.

Hafner, Katie; Markoff, John. Cyberpunk: Outlaws and Hackers on the Computer Frontier (p. 362). Touchstone/Simon & Schuster. Kindle Edition.

I have no current information on Pengo or Hess, but Kevin Mitnick has since been employed as a security advisor. Robert Morris is a tenured professor at MIT.

Despite being about the computer industry, the book was obviously composed manually and later converted to Kindle by mechanical means. Clues show up in failures of the process. A number of examples of transcription errors are obvious.

For example, on page 140, within a distance of two inches of each other, are alternate spellings of the name Headrick (Head-rick). Apparently a paper page with “Headrick” broken over a line ending by a hyphen was scanned, and the pieces were not reconnected in the final product.

On page 42 a PDP-8 computer becomes a PDR-8.

On page 65 the strange construction “that the. computers” appears.

There are more in a number of other places. Possibly the publisher will employ an avid reader to scan and fix a few of these bugs.