Cuckoo's Egg


by Clifford Stoll


  Having stolen the Goran account, he then grabbed the Whitberg account. The hacker now controlled at least four accounts, Sventek, Whitberg, Goran, and Mark, on two of our Unix computers. How many other accounts did he hold? On which other systems?

  While running under Whitberg’s pseudonym, the hacker tried to connect through our Milnet link into three Air Force systems. After waiting a minute for those distant computers to respond, he gave up, and started listing files belonging to LBL folks. He grew tired of this after reading a few scientific papers, several boring research proposals, and a detailed description of how to measure the nuclear cross section of some beryllium isotope. Yawn. Breaking into computers sure wasn’t the key to power, fame, and the wisdom of the ages.

  Getting into our two Unix systems hadn’t satisfied my voracious foe. He’d tried hurdling the moat around our secured Unix-8 computer, but failed—Dave had sealed off that machine. Frustrated at this, he printed a list of remote computers available from our site.

  Nothing secret there, just the names, phone numbers, and electronic addresses for thirty Berkeley computers.

  With the full moon, I expected more hacking and planned on sleeping under the desk. The hacker didn’t show up that evening, but Martha did. Around seven, she biked up, bringing a thermos of minestrone and some quilting to keep me occupied. There’s no shortcut to hand stitching a quilt. Each triangle, square, and parallelogram must be cut to size, ironed, assembled, and sewn to its neighbors. Up close, it’s hard to tell the pieces from the scraps. The design becomes visible only after the scraps are discarded, and you stitch the pieces together. Hmmm. A lot like understanding this hacker.

  Around 11:30, I gave up my watch. If the hacker wanted to show up at midnight, the printers would catch him anyway.

  The next day, the hacker turned up once. I missed him, preferring to share lunch with Martha just off campus. It was worth it: on a street corner, a jazz band played 1930s tunes.

  The singer belted out some ’30s ditty, “Everybody loves my baby, but my baby loves nobody but me.”

  “That’s absurd,” Martha said between tunes. “Logically analyzed, the singer must be his own baby.”

  “Huh?” It sounded fine to me.

  “Look. ‘Everybody’ includes my baby. Since ‘Everybody loves my baby,’ then my baby loves herself. Right?”

  “Uh, yeah.” I tried to follow.

  “But then he says, ‘My baby loves nobody but me.’ So my baby, who must love herself, cannot love anyone else. Therefore, my baby must be me.”

  She explained it twice before I understood. The singer had never learned elementary logic. Neither had I.

  By the time I returned from lunch, the hacker was long gone, leaving his trail on a paper printout.

  For once, he didn’t become super-user. Yes, in his paranoid way, he checked for systems people and monitoring processes, but he didn’t sneak through the hole in the operating system.

  Instead, he went fishing over the Milnet.

  A single isolated computer, out of communication with the world, is immune to attack. But a hermit computer has limited value; it can’t keep up with what’s happening around it. Computers are of the greatest use when they interact with people, mechanisms, and other computers. Networks let people share data, programs, and electronic mail.

  What’s on a computer network? What do computers have to say to each other? Most personal computers satisfy the needs of their owners, and don’t need to talk to other systems. For word processing, accounting spread-sheets, and games, you really don’t need any other computers. But hook up a modem to your computer, and your telephone will report the latest from the stock market, news wires, and rumor mills. Connecting to another computer gives you a powerful way to tune in the latest news.

  Our networks form neighborhoods, each with a sense of community. The high-energy physics networks transfer lots of data about subatomic particles, research proposals, as well as gossip about who’s pushing for a Nobel prize. Unclassified military networks probably pass along orders for shoes, requests for funding, and rumors of who’s jockeying for base commander. Somewhere, I’ll bet there are classified networks, to exchange secret military orders and top secret gossip like who’s sleeping with the base commander.

  These electronic communities are bounded by the limits of their communications protocols. Simple networks, like public bulletin boards, use the simplest ways to communicate. Anyone with a personal computer and a telephone can link into them. Advanced networks require leased telephone lines and dedicated computers, interconnecting hundreds or thousands of computers. These physical differences set boundaries between networks. The networks themselves are linked together by gateway computers, which pass reformatted messages between different networks.

  Like Einstein’s universe, most networks are finite but unbounded. There’s only a certain number of computers attached, yet you never quite reach the edge of the network. There’s always another computer down the line. Eventually, you’ll make a complete circuit and wind up back where you started. Most networks are so complicated and interwoven that no one knows where all their connections lead, so most people have to explore to find their way around.

  Our lab’s computers connect to a dozen computer networks. Some of them are local, like the ethernet that ties computers in one building to a lab next door. Other nets reach to an extended community: the Bay Area Research Net links a dozen northern California universities. Finally, the national and international networks let our scientists connect to computers around the world. But the premier network is the Internet.

  In the mid 1950s, the Federal government started building the interstate highway system, a twentieth-century marvel of pork-barrel public-works politics. With memories of wartime transportation shortages, military leaders made certain that the interstate system could handle tanks, military convoys, and troop carriers. Today, few think of interstate highways as a military system, though they’re just as capable of sending tanks across the country as trucks.

  With the same reasoning, the Department of Defense began developing a network to link military computers together. In 1969, the Defense Advanced Research Projects Agency’s (DARPA) experiments evolved into the Arpanet and then into the Internet: an electronic highway interconnecting a hundred-thousand computers around the world.

  In the world of computing, the Internet is at least as successful as the interstate system. Both have been overwhelmed by their success, and every day carry traffic far beyond what their designers dreamt. Each regularly inspires complaints of traffic jams, inadequate routes, shortsighted planning, and inadequate maintenance. Yet even these complaints reflect the phenomenal popularity of what was an uncertain experiment only a few years ago.

  At first, DARPA’s network was simply a testbed to prove that computers could be linked together. Since it was seen as an unreliable experiment, universities and laboratories used it, and mainstream military people ignored it. After eight years, only a few hundred computers connected into the Arpanet, but gradually, others were attracted by the network’s reliability and simplicity. By 1985 the network directory listed tens of thousands of computers; today, there must be over one hundred thousand. Taking a census of networked computers would be like counting the cities and towns reachable from the interstate system—it’s hard to name many places which can’t be reached via some convoluted route.

  The network’s growing pains have been reflected in name changes. The first Arpanet was a backbone connecting random university, military, and defense contractor computers. As military people grew to depend on the network for carrying messages and mail, they decided to split the network into a military portion, the Milnet, and a research section, the Arpanet.

  But there’s not much difference between the military and academic nets, and gateways let traffic flow between them. Indeed, any Arpanet user can connect to any Milnet computer without so much as an invitation. Together, the Arpanet, Milnet, and a hundred other networks make up the Internet.

  There are thousands of university, commercial, and military computers connected through the Internet. Like buildings in a city, each has a unique address; most of these addresses are registered at the Network Information Center (NIC) in Menlo Park, California. Any one computer may have dozens or hundreds of people using it, so individuals as well as computers are registered in the NIC.

  The NIC’s computers provide a directory: just connect to the NIC and ask for someone, and it’ll tell you where they’re located. They don’t have much luck keeping their database up to date (computer people change jobs often), but the NIC still serves as a good phone directory of computer people.

  During my lunch break, the hacker ducked into the NIC. Our printer quietly saved the session as he searched the NIC for the abbreviation, “WSMR”:

  WSMR? White Sands Missile Range. With two commands and twenty seconds, he found five computers at White Sands.

  Astronomers know Sunspot, New Mexico, as one of the finest solar observatories. Clear skies and great telescopes make up for the utter isolation of Sacramento Peak, a few hundred miles south of Albuquerque. The only road to the observatory runs through White Sands, where the Army tests their guided missiles. Once, when I was studying the solar corona, an observing run took me to Sunspot, past the desolation of White Sands. The locked gates and guardhouses discourage onlookers; if the sun doesn’t fry you, the electric fences will.

  I’d heard rumors that the Army was designing rockets to shoot down satellites. Seemed like an SDI/Star Wars project, but civilian astronomers can only guess. Maybe this hacker knew more about White Sands than I did.

  No doubt, though, that the hacker wanted to know more about White Sands. He spent ten minutes trying to log into each of their computers, connecting to them over the Internet.

  The printer recorded his steps:

  LBL> telnet WSMR-NET-GW.ARMY.MIL                 connect to a White Sands computer
  Trying…
  Connected to WSMR-NET-GW.ARMY.MIL
  4.2 BSD UNIX
  Welcome to White Sands Missile Range
  login: guest                                     Try the guest account
  Password: guest                                  Guesses a password
  Invalid password, try again                      But no luck
  login: visitor                                   Try another likely account name
  Password: visitor
  Invalid password, try again                      No luck
  login: root                                      He tries yet another account
  Password: root
  Invalid password, try again                      Still no luck
  login: system                                    And a fourth try
  Password: manager
  Invalid password, disconnecting after 4 tries

  For each computer, he tried to log in as guest, visitor, root, and system. We saw him failing, time after time, as he tried to guess passwords. Perhaps those accounts were valid; the hacker couldn’t enter them because he didn’t know the right passwords.

  I smiled at the printout. No doubt, the hacker wanted to get into White Sands. But they didn’t fool around with security. Between their electric fences and passwords, neither tourist nor hacker could enter. Someone at White Sands had locked their doors.

  With a snicker, I showed his attempts to the boss, Roy Kerth.

  “Well, what do we do about it?” I asked. “Since he didn’t get into White Sands, should we tell them?”

  “Hell, yes, we’ll tell them,” Roy responded. “If someone tries to break into my neighbor’s house, I’ll tell ’em. I’ll call the cops, too.”

  I asked what cops were in charge of the Internet.

  “Damned if I know,” Roy said. “But here’s our policy, from here out: anyone that’s attacked, we tell them. I don’t care if the hacker didn’t get in, you call them on the phone and tell them. Remember, keep this out of electronic mail. And find out who the cops are.”

  “Yessir.”

  It took only one phone call to find out that the FBI wasn’t policing the Internet. “Look, kid, did you lose more than a half million dollars?”

  “Uh, no.”

  “Any classified information?”

  “Uh, no.”

  “Then go away, kid.” Another attempt at rousing the feds had failed.

  Maybe the Network Information Center would know who policed their net. I called Menlo Park and eventually found Nancy Fischer. To her, the Internet wasn’t just a collection of cables and software. It was a living creature, a brain with neurons extending around the world, into which ten thousand computer users breathed life every hour. Nancy was fatalistic: “It’s a miniature of the society around us. Sooner or later, some vandal’s going to try to kill it.”

  It seemed that there were no network police. Since the Milnet—now called the Defense Data Network—isn’t allowed to carry classified data, nobody paid much attention to its security.

  “You ought to be talking to the Air Force Office of Special Investigations,” she said. “They’re the narcs of the Air Force. Drug busts and murders. Not exactly white-collar crime, but it can’t hurt to talk to them. I’m sorry I can’t help you, but it’s really not my bailiwick.”

  Three phone calls later, I’m in a conference call with Special Agent Jim Christy of the AFOSI and Major Steve Rudd of the Defense Communications Agency.

  Jim Christy made me nervous—he sounded like a narc. “Let me get this straight. Some hacker broke into your computer, then got into an Army computer in Alabama, and is now going for White Sands Missile Range?”

  “Yes, that’s about what we’ve seen.” I didn’t want to explain the Unix Gnu-Emacs security hole. “Our traces aren’t complete yet; he might be from California, Alabama, Virginia, or maybe New Jersey.”

  “Oh … you’re not shutting him out so that you can catch the bastard.” He was ahead of me.

  “And if we close him out, he’ll just enter the Internet through some other hole.”

  Steve Rudd, on the other hand, wanted the hacker nailed. “We can’t let this continue. Even without classified information, the Milnet’s integrity demands that spies be kept out.”

  Spies? My ears pricked up.

  The narc spoke next. “I don’t suppose the FBI has lifted a finger.”

  I summarized our five calls to the FBI in one word.

  Almost apologetically, Jim Christy told me, “The FBI isn’t required to investigate every crime. Probably they look at one in five. Computer crimes aren’t easy—not like kidnapping or bank robbery, where there’s witnesses and obvious losses. Don’t blame them for shying away from a tough case with no clear solution.”

  Steve pressed Jim, “OK, so the FBI won’t do anything. How about AFOSI?”

  Jim answered slowly, “We’re the Air Force computer crime investigators. We usually hear about computer crimes only after a loss. This is the first one that we’ve come across in progress.”

  Steve cut in, “Jim, you’re a special agent. The only difference between you and an FBI agent is your jurisdiction. Doesn’t this fall in your court?”

  “It does. It’s a strange case that falls in several courts.” Over the phone, I could almost hear Jim think. “We’re interested, all right. I can’t tell if this is a serious problem or a red herring, but it’s well worth investigating.”

  Jim continued, “Look, Cliff. Each agency has thresholds. Our resources are finite so we’re forced to choose what we investigate. That’s why the FBI asked you about the dollar loss—they’re looking to get the most bang for their effort. Now if classified stuff gets stolen, it’s a different story. National security doesn’t equate to dollars.”

  Steve interrupted, “But unclassified information can also equate to national security. The problem is convincing law enforcement people.”

  “So what’ll you do?” I asked.

  “Right now, there’s really not much we can do. If this hacker’s using the military networks, though, he’s walking on our territory. Keep us informed and we’ll sharpen our stingers.”

  In hopes of encouraging AFOSI, I sent Jim a copy of my logbook, and samples of the hacker’s printouts.

  After this conversation, Jim Christy explained about the Milnet. What I called the Milnet, Jim knew as the unclassified Defense Data Network, run by the Defense Communications Agency. “The Department of Defense runs the Milnet for all the services—Army, Navy, Air Force, and Marines. That way, each service has equal access to the network, and you’ll find computers from every branch on the net.”

  “So why is Steve Rudd in the Air Force?”

  “He’s really a purple-suiter—he works for all three branches. Naturally, when he smelled a problem, he called the Air Force investigators.”

  “And you work full time on computer crime?”

  “You betcha. We’re watching ten thousand Air Force computers.”

  “Then why can’t you wrap up this case in a snap?”

  Jim spoke slowly, “We’ve got to clearly define our territory. Unless we do, we step on each other’s toes. You, Cliff, have no worries that you’ll be busted by the OSI—our bailiwick is the Air Force base.”

  Bailiwicks always belong to someone else.

  You know, much as I complained about bailiwicks, I realized that they protected my own rights: our constitution prevents the military from grubbing around civilian affairs. Jim had put this into a new light—sometimes these rights actually do interfere with law enforcement. For the first time, I realized that my civil rights actually limit what police can do.

  Whoops. I’d forgotten the boss’s instructions to call White Sands. Another few minutes on the phone, and I reached Chris McDonald, a civilian working for the missile range.

  I outlined the case—Unix, Tymnet, Oakland, Milnet, Anniston, AFOSI, FBI.

  Chris interrupted, “Did you say Anniston?”

  “Yes, the hacker was super-user at Anniston Army Depot. It’s a little place in Alabama, I think.”

  “I know Anniston, all right. They’re our sister Army base. After we test our missiles, we ship ’em off to Anniston,” Chris said. “And their computers come from White Sands as well.”

  I wondered if this was just coincidence. Perhaps the hacker had read data in the Anniston computers, and realized that the good stuff came from White Sands. Maybe the hacker was sampling every site where the Army stored missiles.

 
