Chaos Club members justify their actions with a peculiar set of ethics. They claim that it’s perfectly all right for them to roam through others’ databases, so long as they don’t destroy any information. In other words, they believe their technicians’ curiosity should take precedence over my personal privacy. They claim the right to peruse any computer they can break into.
Information in databases? They’ve no qualms, if they can figure out how to get it. Suppose it’s a list of AIDS patients? Or your last year’s income tax return? Or my credit history?
Darren had been great to talk to about all of this, with his knowledge of networks and sharp eye for holes. But whenever we talked, he seemed amused and distant, looking at the hacker problem purely as an intellectual game. I felt that he looked down at me for getting caught up in it, being out to get the hacker.
Finally one afternoon after Darren had patiently listened to my whining about the hacker and my gloomy predictions of future trouble, he fixed me with a stare.
“Cliff,” he said, “you’re an old fart. Why do you care so much that someone’s frolicking in your system. That could have been you, in your distant youth. Where’s your appreciation of creative anarchy?”
I tried to defend myself—as I’d tried with Laurie, months ago. I hadn’t set out be be a network cop. I’d started with a simple puzzle: why did my accounting show a 75-cent error? One thing led to another, and I ended up on the trail of our friend.
And I didn’t just blunder around in a blind rage, trying to nab the guy just because he was there. I learned what our networks are. I had thought of them as a complicated technical device, a tangle of wires and circuits. But they’re much more than that—a fragile community of people, bonded together by trust and cooperation. If that trust is broken, the community will vanish forever.
Darren and other programmers sometimes expressed respect for hackers because they test the soundness of systems, reveal holes and weaknesses. I could respect this view—it takes a rigorous, honest mind to feel gratitude to someone who exposes our mistakes—but I could no longer agree with it. I saw the hacker not as a chess master, teaching us all valuable lessons by exploiting the weak points in our defenses, but as a vandal, sowing distrust and paranoia.
In a small town, where people never locked their doors, would we praise the first burglar for showing the townspeople how foolish it was to leave their houses open? After it happened, the town couldn’t ever go back to open doors.
Hacking may mean that computer networks will have to have elaborate locks and checkpoints. Legitimate users will find it harder to communicate freely, sharing less information with each other. To use the network, we all might have to identify ourselves and state our purpose—no more logging on casually just to gossip, doodle around, see who else is on the net.
There’s plenty of room for truly “creative anarchy” on the networks as they are—nobody is in charge of them, nobody makes the rules—they exist purely out of cooperative effort and they evolve freely at the whim of their users. A hacker’s abuse of this openness might mean the end of the casual, communal way the networks are run.
I could finally answer Darren. All my buddying up with spooks in suits and playing computer cop came from my appreciation for creative anarchy. To have the networks as our playground, we have to preserve our sense of trust; to do that, we have to take it seriously when people break that trust.
But though I finally felt like I knew why I’d done it, I still didn’t know what I had done. What was the guy’s name in Hannover? Who was behind the whole thing? Nobody would tell me.
As the summer stretched on, the case showed every indication of dying out. Mike Gibbons didn’t call and seldom returned my calls. It was as if nothing had happened.
I understood the technical aspects of the case—the computer’s holes and the hacker’s location. Wasn’t that all I’d wanted? But something was wrong. This wasn’t satisfying.
I knew the whats and the hows. I wanted to know the who’s and whys.
* In truth, German telephone rates are exorbitant compared to those in North America.
Who’s behind it? Only one way to find out. Do research.
The FBI wouldn’t tell me anything except, “Be quiet and don’t ask questions.” Not helpful.
Maybe my poking around would upset some trial that was going on. But if there was a trial, surely they’d need my cooperation. After all, I had the crucial evidence: a couple thousand pages of printouts, all neatly folded into boxes and locked up in a janitor’s closet.
Well, even if I couldn’t ask questions, I could still do science. Publishing your results is as much a part of research as investigating a weirdness. In my case probably more important. As rumors of this hacker spread, military people began to call, asking for more information. What should I tell them?
The end of August marked a year after we’d first detected this hacker in our computers, and two months after we finally nailed him in Hannover. The FBI still told me to keep quiet.
Of course, the FBI couldn’t legally prevent me from publishing, or even poking around. Martha was adamant: “You’re free to write what you wish. That’s what the First Amendment’s all about.”
She should know. She was in the midst of studying constitutional law for her bar exam. Just three more weeks, and it’d be all over. To take her mind off the exam, we began sewing a quilt. Just a few minutes here and there, but the design grew and grew, and though I didn’t realize it, something wonderful was growing with it.
We split up the work of making the quilt the way we always had. She’d do the piecing, I’d sew the squares, and we’d both share the quilting. We’d just started cutting the pieces when Laurie stopped by for brunch.
Martha showed her the design and explained that the quilt would be called “Garden Star.” The central blazing star would be bright yellow and orange, like the peonies in our garden. Surrounding it would be a ring of tulips, and then a border called “snowball,” like the snowball bushes we had, the first plants to bloom in spring. Laurie suggested another border, called “flying geese,” to represent the birds in the garden.
Listening to Laurie and Martha talk about quilting patterns, each one with its ancient, romantic name, I felt a deep warmth. Here was my home, my love. The quilt we were making now would last our whole lives, in fact, it would outlive us and still be there to comfort our grandchildren …
Whoa. I was getting carried away. After all, Martha and I weren’t married or anything, just living together, just sharing our lives while it was good for both of us, free to move on if things weren’t working out. Yeah. It was better that way, more open and enlightened. None of this old-fashioned “till death do us part” stuff.
Yeah, sure.
Laurie startled me, her words somehow picking up on my private thoughts. “This should be your wedding quilt.” Martha and I both stared at her.
“Really. You two are already married—anyone can see it. You’ve been best friends and lovers for almost eight years. So why don’t you make it official and celebrate?”
I was completely at a loss. What Laurie had said was so true and obvious that I’d been blind not to see it. I had been stuck thinking that we should just go on, one day at a time, being together “for now,” while things were good. But really, would I leave Martha if we were going through hard times? Would I leave her if someone else attracted me more? Was that the kind of person I wanted to be, and the way I wanted to live the rest of my life?
At that moment I realized what to do, and how I wanted to live. I looked at Martha, her face calm and still, bent over the bright pieces of calico. There were tears in my eyes, and I couldn’t speak. I looked at Laurie for help, but the moment she saw my face, she vanished into the kitchen to make tea, leaving Martha and me alone together.
“Sweetheart?”
She raised her head and looked at me steadily.
“When do you want to get married?”
“What about next sprin
g, after the rainy season, when there are roses?”
So it was done. No looking back, no regrets, no glancing around to see if someone better would come along. Martha and me, for the rest of our lives. Laurie poured out the tea, and we all sat together, not saying much, but so happy.
By October I started thinking about the hacker again. Darren and I argued about whether to publish a paper. “If you don’t say something,” Darren argued, “some other hacker will wreck someone else’s computer.”
“But if I do publish, it’ll teach a dozen hackers how.”
That’s the problem with talking about security problems. If you describe how to make a pipe bomb, the next kid that finds some charcoal and saltpeter will become a terrorist. Yet if you suppress the information, people won’t know the danger.
January marked six months since the hacker had been busted, a year and a half since we’d first detected him. Yet I still didn’t know his name. It was about time to publish my results.
So I sent the paper to Communications of the Association of Computer Machinery. Though you won’t find it on newsstands, Communications reaches most computer professionals, and it’s a real scientific journal: every article is refereed. Which meant that three other computer scientists checked over my article and made anonymous comments on whether it should be published.
The paper was to come out in the May issue. Together, the Association for Computer Machinery and Lawrence Berkeley Labs scheduled a joint announcement for May first.
May would be a goofy month. Martha and I planned on getting married at the end of the month. We’d reserved the Berkeley Rose Garden, sewn our wedding clothes, and invited our friends and relatives. Even without the publicity of the hacker, this month wouldn’t be calm.
Well, we were pretty much all set when the German magazine Quick got there first. On April 14, they printed a story about how a German hacker had broken into three dozen military computers. Although their reporter had managed to meet the hacker, most of their story came from my logbook.
My logbook! How did Quick magazine, a cross between Life and the National Enquirer, manage to get ahold of my laboratory logbook? I’d kept my logbook on my computer—it lived on disks, not on paper. Did someone break into my computer and read my logbook?
Impossible. My logbook was on my Macintosh: I never connected to any network, and I hid the disk in my desk every night.
I reread the translation of the article, and realized that someone had leaked a copy of my logbook from a year ago, January. Before I’d set up the phoney SDINET sting. Had I given a copy of that logbook to anyone?
Yes, I had. On January 10, I’d sent the logbook to Mike Gibbons at the FBI. He must have forwarded it to the Legal Attaché in Bonn. Who knew where it landed next?
Someone had leaked it to Quick magazine. And they published the story two weeks before I was going to. Damn.
One year of silence. A year of covert cooperation with the authorities. Betrayed to a cheap tabloid in Germany. How ignominious.
Even with a copy of my notebook, Quick was anything but accurate. Not much to do but get the facts out ourselves. Damn.
Whatever we did, we’d be late. John Markoff—now at the New York Times—had heard about the story and was asking questions. Damn. Only one thing to do: my lab announced a press conference. With me at center stage. Damn.
That evening, at 11 P.M., I was nervous and worried sick. Me? At a press conference? A phone call from the NSA didn’t help, either.
Sally Knox, an administrator with NSA’s computer security center, was in town. She’d heard about tomorrow’s press conference. “Don’t you dare mention our name,” she barked into my ear. “We get enough bad press as it is.”
I look at Martha. She hears this woman’s voice from the phone and rolls her eyes. I try to soothe the spook’s worries.
“Look, Sally, NSA hasn’t done anything wrong. I’m not about to say that your funding ought to be cut.”
“It doesn’t matter. As soon as the media hears our name, there’ll be trouble. They distort everything about us. They’ll never publish a fair story.”
I look at Martha. She’s motioning me to hang up.
“OK, Sally,” I said. “I’ll make sure that I don’t even mention your agency. If anyone asks, I’ll just say, ‘No comment.’ ”
“No, don’t do that. Then those pigs will sniff around and pick up more. Tell them that we had nothing to do with it.”
“Look, I’m not gonna lie, Sally. And anyway, isn’t the National Computer Security Center a public, unclassified agency?”
“Yes, it is. But that’s no reason to let the press prowl around.”
“Then why don’t you send one of your people to my press conference?”
“None of our employees are authorized to talk to the media.”
With this attitude, it’s no wonder her agency gets such bad press.
Martha wrote me a note: “Ask her if she’s ever heard of the First Amendment,” but I couldn’t get a word in edgewise. Sally went on about how the Congress was out to get them, the press was out to get them, and I was out to get them.
She ranted for twenty-five minutes, trying to convince me not to mention NSA or the National Computer Security Center.
It’s 11:30 at night, I’m exhausted, and I can’t take any more. I’ll do anything to get off the phone.
“Listen, Sally,” I say, “where do you get off, telling me what I can’t say?”
“I’m not telling you what to say. I’m telling you not to mention the Computer Security Center.”
I hung up.
Martha rolls over in bed and looks at me. “Are they all like that?”
The next morning’s press conference was a zoo. I’m accustomed to scientific meetings and technical seminars. You always hear about press conferences, but I’d never actually seen one. Now I’m the target of one.
It was nuts. Along with my boss, Roy Kerth, I spouted for half an hour, answering questions from reporters. The television reporters asked easy ones (“How do you feel now that it’s over?”), while the newspaper people asked jagged, tough questions—“What should be the national policy on computer security?” Or “Was Admiral Poindexter justified in clamping down on sensitive but unclassified material?”
Nobody asked about the NSA. Not a mention of the National Computer Security Center. Sally had blathered for half an hour in vain.
Beforehand, I’d been pretty jaded on the press. Figured that they’d distort whatever happened. Now here was a technical story, spanning two continents and a year’s work. How would the American media report it?
Amazingly accurately. My technical article had more details—the Gnu-Emacs hole, how the hacker cracked passwords—but I was astounded by how well newspapers conveyed the story. The important stuff was there—the military computers, the sting, even Operation Showerhead.
And these reporters did their homework. They called Germany and somehow dug up what I had never found: the hacker’s name. They phoned the hacker.
“Hello, is this Markus Hess in Hannover?”
“Yes.”
“This is Richard Covey. I’m a reporter here in California. May I talk with you?”
“I cannot talk.”
“About this hacker case—could you tell me if you worked alone or with someone else?”
“I cannot answer that. The case is still running in the German courts.”
“What were your intentions?”
“It was strictly a hobby.”
“Are you a student?”
“Uh, yes. I cannot speak on the phone because I do not trust the lines. They may be tapped.”
“Do you have a lawyer?”
“Yes.”
“What is his name?”
No answer.
“Do you know Laszlo Balogh in Pittsburgh?”
“No. Never heard of him, except for the newspaper stories.”
“Can you speculate on how Balogh got the false data?”
&nbs
p; “I cannot answer that question.”
“Did you work with anyone?”
“I cannot say. I am not comfortable talking. I am not sure that the lines are clean.”
“Were you a spy?”
“Ha. Anyone who believes that is ridiculous. I was just curious.”
“Can you guess how the data got to Pittsburgh?”
“No, I cannot guess. I did not show it to anyone. It is dangerous for me to say anything more because I do not know if the telephone lines are clean.”
“Were you paid for your work?”
“I must go now. I cannot talk.” Click Markus Hess. After all this time, my cuckoo’s name is Markus Hess.
Well, he speaks English, although without contractions. And he’s as paranoid on the telephone as he is on the computer—always looking over his shoulder. German newspapers report that Hess is five foot ten inches, twenty-five years old, broad-shouldered, and known to his friends as a solid but not brilliant Unix programmer. And he chain-smokes Benson and Hedges.
Once again, I page through the Hannover telephone directory. There’s his name, all right, but who is he? What’s this guy up to? I’ll never find out from Berkeley.
Maybe I should call someone in Germany? Who do I know there? A couple students at the Max Planck Institute. Some astronomers in Darmstadt. And a college buddy in Hamburg.
Around the end of the summer, a friend of a friend sent a letter to me: “I need a place to stay while visiting San Francisco. Mind if I sleep on your floor?” Seemed it was a high school student visiting from abroad.
Martha, Claudia, and I don’t exactly run a youth hostel, but our door’s always open for visitors. Michael Sperber stayed for a couple nights and kept us amused with tales of touring the States. Just as interesting to me: his dad, Jochen Sperber, is a reporter in Northern Germany and could make contact with hackers around Hannover.
I struck paydirt. By chance, I’d found someone who was curious, persistent, and able to dig up the facts in Germany. Over the next five months, Jochen Sperber found enough information to piece together what happened at the other end of the trail.
Cuckoo's Egg Page 35