
Cuckoo's Egg


by Clifford Stoll


  The hacker logged into the old Sventek account, and checked who was on our system. Dave Cleveland was there, running under the alias of Sam Rubarb, but the hacker couldn’t know.

  He moved over to our accounting files, and collected the past month’s files in one place. He scanned that long file, searching for the word, “Pink Floyd.”

  Hmmmm. Interesting. He didn’t search for the word “Pfloyd,” which was the Stanford hacker’s pseudonym. Rather, he searched for the pseudonym that was reported in the newspaper.

  My hacker wasn’t the same guy as Stanford’s. If he were, he wouldn’t have to search for “Pink Floyd”—he’d know when he had been active.

  In fact, my hacker wasn’t even in contact with Stanford’s. If the two had met, or even written to each other, my hacker would know to search for “Pfloyd,” not “Pink Floyd.”

  The hacker must have read the news. But it had been almost a month since the article was published. Dave Cleveland must be right: the hacker wasn’t from the West Coast.

  At 6 P.M., the hacker gave up searching our accounting logs. Instead, he went through our computer onto the Milnet. From there, he went straight for the Anniston army base in Alabama. “Which hole will he sneak into this time?” I wondered.

  LBL> Telnet Anad.arpa

  Welcome to Anniston Computer Center

  Login: Hunter

  Password: Jaeger

  Incorrect login, try again.

  Login: Bin

  Password: Jabber

  Incorrect login, try again.

  Login: Bin

  Password: Anadhack

  Incorrect login, 3 tries and you’re out.

  Chuck McNatt had finally locked him out. By changing all his passwords, Chuck had nailed his door shut. He still might have holes in his system, but this hacker couldn’t exploit them.

  The hacker didn’t give up. He reached over into the building design group.

  Some scientists at Lawrence Berkeley Lab worry about how to design energy efficient homes. Most other physicists look down on them—“Yech, applied physics.” Protons and quarks are sexy. Saving ten dollars on your monthly heating bill isn’t.

  The building design group searches for new glasses that let light in, but block the infra-red. They build new insulators to prevent heat leaks through walls. They’d just started analyzing basements and chimneys for thermal efficiency.

  The hacker learned this because he dumped all their files. Page after page of thermal emissivity data. Memos about paint absorption in the ultraviolet. And a note saying, “You can move to the Elxsi computer next week.”

  He didn’t need to see that note twice. He interrupted his listing, and commanded my Unix computer to connect him to the Elxsi system.

  I’d never heard of this computer. But my computer had. Within ten seconds, he’d made the connection and the Elxsi prompted him for an account name and password. I watched him try to get in:

  LBL> Telnet Elxsi

  Elxsi at LBL

  login: root

  password: root

  incorrect password, try again.

  login: guest

  password: guest

  incorrect password, try again.

  login: uucp

  password: uucp

  WELCOME TO THE ELXSI COMPUTER AT LBL

  He got into the UUCP account. No password protection. Wide open.

  UUCP is the account for Unix to Unix copying. When one Unix computer wants to copy a file from another, it logs into the UUCP account and gets the file. People should never be able to connect to this special account. The system manager should disable it from human log-ins.

  Worse, this Elxsi had its UUCP account set up with system privileges. It took the hacker only a minute to realize that he’d stumbled into a privileged account.

  He didn’t lose any time. He edited the password file, and added a new account, one with system manager privileges. Named it Mark. “Keep it bland,” I thought.

  But he didn’t know much about this computer. He spent an hour dumping its files, and learned about designing energy efficient buildings. Nothing about the computer itself.

  So he wrote a program to time the Elxsi computer. A short C program that measured its speed and reported its word length.

  He needed three tries to get his program to work, but finally it flew. He found the Elxsi to have thirty-two bit words, and he measured it at about ten million instructions per second.

  Eight-bit and sixteen-bit computers are diddlysquat machines; the thirty-two-bit systems are the biggies. Thirty-two bits meant a big machine, ten MIPS meant fast. He’d entered a super-minicomputer. One of the fastest in Berkeley. One of the most mismanaged.

  As I watched him walk through the Elxsi, I talked to Tymnet. While the hacker tried to understand the new computer, Ron Vivier searched out the needle that pointed where the hacker came from.

  “No news. He’s coming in from Oakland again.” Ron knew that meant a phone trace.

  “No use calling the phone company. They’ll just tell me to get a Virginia search warrant.”

  I hung up, disappointed. A long connection like this was perfect for tracing him. I couldn’t shut him out of our system when he was into computers I’d never even heard of. When he finally signed off at 7:30, he’d pretty much mapped out our lab’s major computers. He might not be able to get into each of them, but he knew where they were.

  7:30. Damn, I’d forgotten the party. I ran down to my bike and pedaled home. This hacker wasn’t wrecking my computer, he was destroying my life. Being late for a Halloween party—that’s a capital crime in Martha’s book.

  Not only was I late, but I’d shown up without a costume. I slinked guiltily through the kitchen door. What a scene! Princess Diana, tastefully attired in a tailored dress, pillbox hat and white gloves, shuddered as she removed a dripping handful of seeds from a pumpkin. Alice and the mad hatter were serving the last of the lasagna. Charlie Chaplin was dipping apples in caramel. In the midst of this swirl of activity stood a small but fierce samurai warrior in full battle gear, shouting orders. “You’re late,” the samurai scowled. “Where’s your costume?”

  Buried in the back of the closet, I found my red velvet robe. Worn over Martha’s nightgown, with a sheet pinned around my shoulders and a tall, jeweled miter of construction paper and sequins, I suddenly became … Cardinal Cliff the First. I went around blessing the guests. Martha’s friend Laurie, who usually wore a crew cut, jeans, and hiking boots, sidled up in a short black cocktail dress and long pearl necklace. “Come on, your holiness, let’s go forth and bless the Castro.”

  We piled into the Mad Hatter’s car (Laurie rode her motorcycle) and crossed the bridge to Babylon. Halloween is San Francisco’s favorite holiday. Five blocks along Castro Street are cordoned off, and thousands of elaborately costumed revelers jostle up and down, looking at each other and at the drag queens in sequined gowns who lip-sync to Ethel Merman on the fire escapes overlooking the street.

  This year’s costumes were incredible: a person dressed as a giant bag of groceries, complete with giant paper replicas of vegetables and cans; various creatures from outer space; and several rival samurai whom Martha fought off with her plastic sword. White-faced draculas mingled with witches, kangaroos, and butterflies. Over near the trolley stop, an assortment of ghouls harmonized with a three-legged pickle.

  I offered benedictions left and right—to demons and angels, gorillas and leopards. Medieval knights knelt to me, and nuns (some with mustaches) rushed up to greet me. A trio of sturdy, cheerful fellows in pink tutus and size-thirteen ballet shoes bowed gracefully to receive my blessings.

  Despite layoffs at the factories, rent payments due, drugs, and AIDS, somehow San Francisco celebrated life.

  Next Monday I showed up late, expecting to find a message from the manager of the Elxsi computer. No such luck. I called around the building design group, and talked with the physicist in charge of the Elxsi computer.

  “Noticed anything strange on your Elxsi?”

  “No, we’ve only had it a month. Anything wrong?”

  “Who set up your accounts?”

  “I did. I just signed on as system manager, then added users.”

  “Do you run accounting?”

  “No. I didn’t know you could.”

  “Someone broke into your computer through the UUCP account. He became system manager and added a new account.”

  “I’ll be damned. What’s the UUCP account?”

  Here’s the problem. This guy’s a physicist, bored by computers. He didn’t know about managing his machine. Probably didn’t care.

  This guy wasn’t the problem. Elxsi was. They sold their computers with the security features disabled. After you buy their machine, it’s up to you to secure it. Just plow through a dozen manuals to find a paragraph saying how to modify the permissions granted to the UUCP account. If you know that account exists.

  Right.

  The same thing must be happening all over. The hacker didn’t succeed through sophistication. Rather he poked at obvious places, trying to enter through unlocked doors. Persistence, not wizardry, let him through.

  Well, he wasn’t going to get into our Elxsi anymore. Knowing my adversary, I could easily lock him out in a way that would mystify him. I built a trap door into our Elxsi: whenever the hacker touched the purloined accounts on that machine, it notified me and pretended to be too busy to accept another user. The Elxsi didn’t say, “Go away”; rather, it slowed down to a crawl whenever the hacker showed up. The hacker wouldn’t realize that we were on to him, yet the Elxsi was protected against him.

  Still, we were treading water. Without search warrants, our phone traces went nowhere. Sure, we read every word he typed into our computer, but how much did we miss? He might be using a dozen other computers to get onto the Milnet.

  This much is for sure: I was now dedicated to catching this hacker. The only way to snag this guy was to watch every minute of the day. I had to be ready all the time—noon or midnight.

  That was the problem. Sure, I could sleep under my desk and rely on my terminal to wake me up. But at the cost of the domestic tranquility: Martha wasn’t pleased at my office campouts.

  If only my computer would call me whenever the hacker appeared, then the rest of the time would be my own. Like a doctor on call.

  Of course. A pocket pager. I had a bank of personal computers watching for the hacker to appear. I’d just program them to dial my pocket pager. I’d have to rent a pager, but it’d be worth the $20 a month.

  It took an evening to write the programs—no big deal. From now on, wherever I went, I’d know within seconds of the hacker’s arrival. I’d become an extension of my computer.

  It was him against me now. For real.

  Lawrence Berkeley Labs is funded by the Department of Energy, the successor to the Atomic Energy Commission. Perhaps nuclear bombs and atomic power plants are fading into the mists of history, or maybe splitting atoms isn’t as sexy as it used to be. For whatever reason, the DOE isn’t the same animated team that started atomic energy plants two decades ago. I’d heard rumors that over the years, the organization had silted up like the Mississippi.

  The DOE may not be the most nimble of our many Governmental agencies, but they did pay our bills. For over a month, we’d kept silent about our problem, worrying that the hacker might find out we were tracking him. Now that our trace led far from Berkeley, it seemed safe to tell our funding agency about the hacker.

  On November 12, I called around the DOE, trying to find out who I should talk to about a computer break-in. It took a half dozen calls to find out that nobody really wanted to listen. Eventually I reached the DOE manager of computer security for unclassified computers.

  Rick Carr listened patiently as I told him about the hacker, occasionally interrupting with questions. “Is he still active in your computer?”

  “Yes, and we’re homing in on him every time he shows up.”

  He didn’t seem especially excited. “Well when you catch him, let us know.”

  “Want a copy of my logbook?” I asked.

  “No. Keep it quiet until you’re through.”

  I explained our need for search warrants and the FBI’s lack of interest. “Any chance you might be able to get the FBI to open a case?”

  “No, I wish they did, but the FBI doesn’t listen to us,” Rick said. “I’d like to help, but it’s just not my bailiwick.”

  Bailiwicks again. I mumbled my thanks, and was about to hang up when Rick said, “You might want to call the National Computer Security Center, though.”

  “Who are they?” Seemed like a group that I should have heard of.

  Rick explained, “The NCSC is a sidekick of the National Security Agency. They’re supposed to make standards for securing computers.” From his emphasis on the word “supposed,” it sounded like they weren’t.

  “Since when does the NSA talk to the public?” I’d always thought that the NSA was the most secret of all government agencies.

  “The computer security section of NSA is the only part of NSA that’s unclassified,” Rick said. “Because of this, they’re treated as ugly ducklings within NSA. Nobody from the secret side of the house will talk to them.”

  “And since they’re a part of the NSA, nobody from the public trusts them either,” I realized where he was leading.

  “Right. They take flack from both sides. But you ought to tell them about your hacker. They’re certain to be interested, and they might just rattle the right cages in the bureaucracy.”

  Next call: the National Computer Security Center. Zeke Hanson was their desk officer. His voice was cheerful and he seemed fascinated by the idea of silently watching a hacker. He wanted all the technical details of our monitors and alarms.

  “You’re an intercept operator,” Zeke informed me.

  “What’s that?” I’d never heard of it.

  He stammered a bit, as if he wanted to unsay his last sentence. I figured out what he meant on my own. NSA must have thousands of people watching teletypes around the world. Intercept operators, huh?

  Zeke asked about my computer. I explained, “A couple of Vaxes running Unix. Lots of networks.” For the next twenty minutes, I told him about the holes that the hacker exploited—Gnu-Emacs, passwords, Trojan horses. It hit him where he lived.

  But when I asked if there was any way that he could finagle a search warrant, he clammed up tight.

  “I’ll have to talk to my colleagues about this.”

  Well, what did I expect? Ideally, I’d call an electronic spy on the phone, explain my need for a search warrant, and he’d kick the FBI into acting. Right. How would I react to someone calling my observatory, reporting an invader from some unknown planet?

  Still, I might as well explain our problem. “Look, we’re about to call it quits. If someone doesn’t help out, we’re giving up on this monitoring. I’ve had it with being a volunteer intercept operator.”

  Not a dent. “Cliff, I’d like to take over, but our charter prevents it. NSA can’t engage in domestic monitoring, even if we’re asked. That’s prison term stuff.”

  He took this seriously. NCSC or NSA, whichever he worked for, wouldn’t monitor my hacker. They’d advise me on how to protect my computers and serve as a liaison to the FBI, but they wouldn’t take over my monitoring.

  Getting a search warrant? Zeke would look into it, but didn’t offer much help. “If you can’t interest the FBI, I doubt that they’ll listen to us. We’re here to make computers more secure, not to catch criminals.”

  Another bailiwick problem.

  I hung up, discouraged. Five minutes later, I walked down the hallway and asked myself what I was doing talking to the NSA.

  Maybe Martha was right. She’d said I was on a slippery slope that led into deep water. First you call the FBI, then the CIA, now the NSA.

  But it wasn’t the spooks that bothered me. It was their inaction. Sure, they all listened to my troubles, but not one would lift a finger.

  Frustrating. Every agency seemed to have a good reason to do nothing. Disgusted, I paced the halls.

  The hallways at Lawrence Berkeley Labs look like a plumber’s nightmare. There’s no suspended ceiling tiles to hide the pipes, cables, and ducts. Looking up, I recognized the steam pipes, and the orange ethernet cables. The steam runs at about one hundred pounds per square inch, the ethernet at around ten million bits per second.

  My networks were as essential to the lab as steam, water, or electricity.

  Did I say, “my networks?” The networks were no more mine than the steam pipes belonged to the plumbers. But someone had to treat them as his own, and fix the leaks.

  Something strange was happening to me. In a daze, I sat down on the hallway floor, still staring up at the pipes. For the first time in my life, something important was entirely up to me. My attitude at work had always been like my days as an astronomer—I’d write proposals, observe at the telescope, publish papers, and stand cynically apart from the struggles and triumphs of the world around me. I didn’t care if my research led anywhere.

  Now, nobody was telling me what to do, yet I had a choice: should I quietly let things drop? Or do I take arms against this sea of troubles?

  Staring at the pipes and cables, I realized that I could no longer fool around behind the scenes, an irreverent, zany kid. I was serious. I cared. The network community depended on me, without even knowing it. Was I becoming (oh, no!) responsible?

  That evening, Martha studied criminal procedure at Boalt Hall Law Library. I stopped by to deliver some bagels and cream cheese, the high-octane fuel of law students. We necked and pecked among the books, occasionally dodging a zombie cramming for the bar exam. Aah, Boalt library, where the law never sleeps.

  In a back room, she showed me the law school’s Lexis computer. “Hey, want to play with a fun toy while I study?” she asked.

  Without waiting for a reply, she switched on the Lexis terminal. She pointed to the sign giving instructions on how to log into the document search system. She dived back into her books, leaving me with some unknown computer.

 
