Cuckoo's Egg
Saved by my logbook.
Just like observing at a telescope. If you don’t document it, you might as well not have observed it. Sure, you need powerful telescopes and computers. But without a logbook, your observations won’t amount to much.
On December 30, my beeper woke me up around 5 A.M. By reflex, I called Steve at his house. He wasn’t pleased to hear from me.
“The hacker’s on.”
“Aaw, I was just in the middle of a dream. Are you sure it’s him?” His British accent didn’t hide his annoyance.
“I’m not sure, but I’ll find out in a minute.”
“OK, I’ll start a trace.” Steve put up with a lot from me.
From home, I dialed my Unix computer. Damn. No hacker. The electricians had tripped my alarm by shutting off a nearby computer.
Sheepishly, I called Steve back.
“Say, Cliff, I can’t find anyone connected to your computer.” His voice was still sleepy.
“Yeah. It’s a false alarm. I’m sorry.”
“No problem. Maybe next time, huh?”
Now here’s a good guy. If someone I’d never met rousted me out of bed to chase a phantom in a computer.…
Luckily, only Steve had heard me cry wolf. What would happen to my credibility if I’d passed the word along to Germany or the FBI? From now on, I’d double-check every alarm.
New Year’s Eve found us sitting around the fire with friends, sipping eggnog and listening to the explosions as neighborhood idiots set off cherry bombs in the street.
“Hey,” said Martha, “we’d better get moving if we’re going to make it to First Night.” San Francisco was throwing a city-wide party to welcome in 1987, foster civic pride, and give people an alternative to getting drunk and smashing into each other. There was music, dance, theater, and comedy in a dozen locations across town, with cable-car shuttles between events.
Seven of us piled into a beat-up Volvo and inched into San Francisco, trapped in a raucous traffic jam. Instead of honking, people blew party horns out their car windows. Finally we came to the brightly-lit city, ditched the car, and headed for a flamenco concert.
We found our way to the Mission district—the Latin section of town, and discovered a packed Catholic church with an impatient audience. A sheepish face emerged from behind the curtain, explaining, “None of the lights work so we’re delaying the performance.”
Amid the catcalls and boos, Martha stood up and pushed me forward. I still had my electrician’s license, and she’d done tech for many an amateur theatrical. We snuck backstage. The flamenco dancers in their glittering costumes smoked and paced the dark stage like caged tigers, tapping their feet and glancing at us doubtfully. Martha set about untangling the maze of cables strewn in the wings while I located the blown fuse. A quick swap of fuses and, shazam, the stage lights lit.
The dancers stamped and cheered and, as Martha neatly coiled the last cable and adjusted the lighting board, the emcee dragged us on stage to thank us. After we escaped the limelight, we enjoyed the flamenco dancing and faro singing; the scowling, nervous creatures we’d seen on the dark stage were transformed into elegant, whirling dancers.
We ducked outside and found a shuttle bus driven by an old lady who could have passed for Tugboat Annie, in appearance and language. She maneuvered the bus gamely through the crowded streets, and we found ourselves at the Women’s Building on Eighteenth Street. There the Wallflower Order danced and told stories of feminism and social protest.
One dance was about the Wu-Shu, a legendary Chinese monkey who defeated the greedy warlords and gave land back to the people. Sitting in the balcony, I thought about politically correct monkeys—was I a pawn of the warlords? Or was I really a clever monkey, on the side of the people? I couldn’t tell, so I forgot about my hacker and enjoyed the dance.
Finally, we wound up dancing wildly to a rhythm and blues band with lead singer Maxine Howard, a sensational blues singer and the sexiest woman in the history of the world. She was picking people out of the audience to dance with her on the stage, and we soon found ourselves hoisting a protesting Martha onto the platform. Within a few minutes, she and her fellow victims overcame their stage fright and formed themselves into a fairly synchronized chorus line, doing little hand motions like the Supremes. I was never much for dancing, but by two o’clock or so, I found myself jumping and spinning around with Martha, lifting her high in the air …
We finally had our fill of high culture and cheap thrills, and went to sleep at a friend’s house in the Mission district. What felt like moments after my head touched the pillow (though it was actually nine the next morning), my beeper woke me up.
Huh? The hacker was at work on New Year’s Day? Give me a break.
There wasn’t much I could do. Hacker or not, I wasn’t about to call Steve White on New Year’s morning. Anyway, I doubted that the German Bundespost could do much about it on a holiday. Most of all, I was ten miles from my laboratory.
I felt caged in while the hacker had free run. If he wanted to tweak my nose, he’d found the way. Just show up when I couldn’t do anything.
Well, I couldn’t do much beyond worry, so I tried to sleep. With Martha’s arm around me, rest came easily. “C’mon, sweetie,” she purred. “Give the hacker a holiday.” I sank into the pillows. Hacker or not, we would celebrate the New Year. We slept the rest of the morning. Around noon, we found our way back home. Claudia greeted us with a violin sonata … she’d spent New Year’s Eve playing at some millionaire’s party.
Martha asked about her job. “You should have seen the canapés!” Claudia answered. “We had to sit and stare at them for hours before they finally saw us looking pathetic and brought us some. They had a whole smoked salmon and caviar and strawberries dipped in chocolate and—”
Martha cut in, “I meant what music you played.”
“Oh, we played that Mozart sonata everyone likes that goes diddle dum diddle da da da. Then they started making requests for really icky things like ‘My Wild Irish Rose.’ I thought I’d get sick but after all it was $125 for two hours and it was on the way to my Mom’s so I could drop the dog off there, and do some shopping up at Santa Rosa—”
Martha snuck in a word about brunch. We were all in the kitchen mixing waffle batter and making fruit salad when my beeper sounded.
Damn. The hacker again. Martha cursed, but I hardly heard her: I zipped over to my Macintosh and dialed the lab.
There was the hacker, all right, logged in as Sventek. It looked like he was using the Milnet, but I couldn’t be sure until I went to the lab. Meanwhile, I’d better call Steve White at Tymnet.
No time—the hacker disappeared within a minute. He was playing New Year’s games.
There wasn’t much to do but pick up the pieces. I scarfed down the waffles and biked over to the lab. There, the hacker’s New Year’s celebration was saved on my printers. I scribbled notes on the printouts, next to each of his commands:
Whee! The hacker had entered an Army database and searched for secret Air Force projects. Even an astronomer would know better. He caught on quickly, though:
Well, I’d never come across such things. I’d always thought that a theater was somewhere to watch movies, not a place to develop nuclear forces. This hacker wasn’t playing games.
And he wasn’t satisfied with the titles to these documents—he dumped all twenty-nine over the line printer. Page after page was filled with army double-talk like:
TITLE: Nuclear, chemical, and biological national security affairs
DESCRIPTION: Documents relating to domestic, foreign, and military police for the application of atomic energy, utilization of nuclear and chemical weapons, and biological defense relating to national security and national level crises management. Included are studies, actions, and directives of an related to the President, National Security Council, Assistant to the President for National Security Affairs, and interdepartmental groups and committees addressing national security affairs regarding nuclear and chemical warfare and biological defense.
There, my printer jammed. The old Decwriter had paid its dues for ten years, and now needed an adjustment with a sledge hammer. Damn. Right where the hacker listed the Army’s plans for nuclear bombs in the Central European theater, there was only an ink blot.
I didn’t know much about movie theaters in Central Europe, so I gave Greg Fennel a call at the CIA. Amazingly, he answered his phone on New Year’s Day.
“Hi, Greg—what brings you in on New Year’s?”
“You know, the world never sleeps.”
“Hey, what do you know about movie houses in Central Europe?” I asked, playing the fool.
“Oh, a bit. What’s up?”
“Not much. The hacker just broke into some Army computer at the Pentagon.”
“What’s that got to do with movies?”
“I dunno,” I said, “but he seemed especially interested in nuclear force structure developments in Central European theaters.”
“You dunce! That’s Army tactical warfare plans. Jeez. How did he get it?”
“His usual techniques. Guessed the password to the Army Optimis database in the Pentagon. It looks like a bibliography of Army documents.”
“What else did he get?”
“I can’t tell. My printer jammed. But he searched for keywords like ‘SDI,’ ‘Stealth,’ and ‘SAC.’ ”
“Comic book stuff.” I wasn’t sure if Greg was joking or serious. He probably thought the same of me.
Come to think of it, how did the spooks know if I was putting them on? For all they knew, I might be inventing everything. Greg had no reason to trust me—I had no clearance, no badge, not even a trench coat. Unless they were spying behind my back, my credibility remained untested.
I had only one defense against this quicksand of distrust—the facts.
But even if they believed me, they weren’t likely to do anything. Greg explained, “We can’t just send Teejay overseas and bust down someone’s door, you know.”
“But can’t you, well, sorta snoop around there and find out who’s responsible for this?” I imagined spies in trench coats again.
Greg laughed. “That’s not how things work. Trust me—we’re working on it. And this latest news will add fuel to the fire.” So much for the CIA. I just couldn’t tell if they were interested or not.
On January 2, I called the Alexandria FBI office and tried to leave a message for Mike Gibbons. The duty agent who answered the phone said in a dry voice, “Agent Gibbons is no longer working this case. We suggest you contact the Oakland office.”
Super. The only FBI agent that knows the difference between a network and a nitwit has been pulled off the case. No explanation given.
And just when we need the FBI. Wolfgang was still waiting for a warrant from the U.S. Legal Attaché in Bonn. A week of waiting, and it still hadn’t come through. Time to knock on another door.
No doubt the National Security Agency would want to know about leaks from a Pentagon computer. Zeke Hanson at Fort Meade answered.
“Did the Army information go directly to Europe?” Zeke asked.
“Yeah, though I don’t know exactly where,” I said. “Looks like Germany.”
“Do you know which International Record Carrier they used?”
“Sorry, I don’t. But I can fish it out of my records if it’s that important.” Why would NSA want to know who had carried this traffic?
Of course. NSA is rumored to tape record every transatlantic telephone conversation. Maybe they’d recorded this session.
But that’s impossible. How much information crosses the Atlantic every day? Oh, say there’s ten satellites and a half-dozen transatlantic cables. Each handles ten thousand telephone calls. So the NSA would need several hundred thousand tape recorders running full time. And that’s just to listen to the phone traffic—there are computer messages and television as well. Why, fishing out my particular session would be nearly impossible, even with supercomputers to help. But there was an easy way to find out. See if NSA could obtain the missing data.
“The New Year’s Day sessions were interrupted by a paper jam,” I told Zeke, “so I’m missing an hour of the hacker’s work. Think you could recover it?”
Zeke was cagey. “What’s its importance?”
“Well, I can’t quite say, since I haven’t seen it. The session started at 8:47 on New Year’s Day. Why don’t you see if someone in Ft. Meade can find the rest of the traffic from this session?”
“Unlikely at best.”
The NSA was always willing to listen but clammed up tight whenever I asked questions. Still, if they were doing their homework, they’d have to call me and see if our results were the same. I waited for someone to ask to see our printout. Nobody did.
Come to think of it, two weeks ago, I’d asked Zeke Hanson at the NSA to find out an electronic address. When I first traced a line into Europe, I passed the address to Zeke. I wondered what he’d done with it.
“Did you ever find out where that DNIC address comes from?” I asked.
“Sorry, Cliff, that information is unavailable.” Zeke sounded like one of those Magic-8 balls, the kind that say, “Reply hazy, ask again later.”
Fortunately, Tymnet had already figured out the address … it only took Steve White a couple hours.
Perhaps NSA has lots of electronics wizards and computer geniuses, listening to the world’s communications. I wonder. Here, I’d presented them with two fairly easy problems—find an address and replay some traffic. Maybe they did, but they never told me a whit. I suspect they do nothing, hiding behind a veil of secrecy.
Well, there was one more group to inform. The Air Force OSI. The Air Force narcs couldn’t do much about the hacker, but at least they could figure out whose computer was wide open.
Jim Christy’s gravelly voice crackled over the phone lines: “So it’s the Army Optimis system, huh? I’ll make a few calls and bang a few heads.” I hoped he was joking.
So 1987 started on a sour note. The hacker still had the free run of our computers. The only competent FBI agent had been pulled from the case. The spooks wouldn’t say a thing, and NSA seemed uninspired. If we didn’t make some headway soon, I’d give up too.
Around noon on Sunday, January 4, Martha and I were stitching a quilt when my beeper sounded. I jumped for the computer, checked that the hacker was around, then called Steve White. Within a minute, he’d started the trace.
I didn’t wait while Steve tracked the call. The hacker was on my computer, so I biked up to the lab and watched from there. Another twenty-minute race up the hill, but the hacker took his time: he was still typing when I reached the switchyard.
Underneath the printer, an inch-thick printout had accumulated. The hacker hadn’t been lazy today. The top line showed him masquerading behind Sventek’s name. After checking that none of our system managers were around, he went back to the Pentagon’s Optimis database. Not today: “You are not authorized to log in today,” was the Army computer’s reply.
Well, hot ziggity! Jim Christy must have bashed the right heads.
Scanning the printout, I could see the hacker going fishing on the Milnet. One by one, he tried fifteen Air Force computers, at places like Eglin, Kirtland, and Bolling Air Force Bases. No luck. He’d connect to each computer, twist the doorknob once or twice, then go on to the next system.
Until he tried the Air Force Systems Command, Space Division.
He first twisted on their doorknob by trying their System account, with the password of “Manager.” No luck.
Then Guest, password of “Guest.” No effect.
Then Field, password “Service”:
Username: FIELD
Password: SERVICE
WELCOME TO THE AIR FORCE SYSTEM COMMAND—SPACE DIVISION VAX/VMS 4.4
IMPORTANT NOTICE
Computer System problems should be directed to the Information Systems
Customer Service Section located in building 130, room 2359.
Phone 643-2177/AV 833-2177.
Last interactive login on Thursday, 11-DEC-1986 19:11
Last non-interactive login on Tuesday, 2-DEC-1986 17:30
WARNING—Your password has expired; update immediately with SET PASSWORD!
$ show process/privilege
4-JAN-1987 13:16:37.56 NTY1: User: FIELD
Process privileges:
BYPASS may bypass all system protections
CMKRNL may change mode to kernel
ACNT may suppress accounting messages
WORLD may affect other processes
OPER operator privilege
VOLPRO may override volume protection
GRPPRV group access via system protection
READALL may read anything as the owner
WRITEALL may write anything as the owner
SECURITY may perform security functions
Shazam: the door had swung wide open. He’d logged in as Field Service. Not just an ordinary user. A completely privileged account.
The hacker couldn’t believe his luck. After dozens of attempts, he’d made the big time. System operator.
His first command was to show what privileges he’d garnered. The Air Force computer responded automatically: System Privilege, and a slew of other rights, including the ability to read, write, or erase any file on the system.
He was even authorized to run security audits on the Air Force computer.
I could imagine him sitting behind his terminal in Germany, staring in disbelief at the screen. He didn’t just have free run of the Space Command’s computer; he controlled it.
Somewhere in Southern California, in El Segundo, a big Vax computer was being invaded by a hacker halfway around the world.
His next moves weren’t surprising: after showing his privileges, he disabled the auditing for his jobs. This way, he left no footprints behind; at least he thought not. How could he know that I was watching from Berkeley?