As early as he can remember, computers were a part of Zatko’s life as fundamental as food or clothing. His father was a professor at the University of Alabama who studied how the magnetic pull of electrons could help analyze chemicals and spent his spare time obsessing over early home-built PCs. The elder Zatko sanded the sharp edges off of components like circuit boards and nixie tubes and placed them in his son’s crib as toys. “He saw very early that there was a schism forming between people who understood computers and those who were afraid of them,” says Zatko. “He wanted me to grow up with technology all around me.”
Sure enough, by the time Zatko could speak, he was asking questions about his computational playthings. By the age of five, he was tinkering with his father’s Southwest Technical Products Corporation 6800 microcomputer, Altair 8800, and Tektronix 4051. Those early PCs had to be assembled from kits, and learning to use them was often inextricable from learning to code. So a kindergarten-age Zatko acquired the ability to write software as naturally as most children learn to write their ABCs. At the same time, his parents introduced him to the violin and later the guitar; his talents on both sets of instruments, digital and analog, developed in parallel.
When the Apple II was released, Zatko’s grandfather spent Zatko’s father’s entire inheritance to buy the sleek new machine for the family’s prodigy. Plugging into Steve Jobs and Steve Wozniak’s powerful creation, Zatko soon discovered video games, their annoying copyright protections, and the tantalizing task of picking those digital locks. “It’s 1978, I’m eight years old, and twenty dollars for a game is a lot of money,” says Zatko. “I can’t even make a backup copy. So I had to hack the systems, reverse engineer and disassemble them. That became my game.”
Soon the allure of piracy gave way to a game with a far wider scope: Zatko discovered the anarchic landscape of connected information systems built by the same agency that would hire him thirty years later: The ARPANET. Zatko would set his modem to cycle through random numbers, a process known as “war dialing,” until it found a connection with a faraway Honeywell mainframe in some academic research lab across America. Connecting with those seemingly abstract machines, he’d roam the primitive and sparsely populated networks of a barely discovered digital continent.
Security in the networked world of the early 1980s wasn’t merely lax; it was an idea that would have seemed culturally nonsensical, like locking the fridge in your own home. Instead of requiring passwords, common courtesy required that anyone dialing in simply introduce himself or herself, and the local administrator would respond, often asking the visitor to politely avoid certain parts of the network.
Those innocent times evaporated, Zatko says, in 1983, the year that the film WarGames hit theaters. In the movie, a young Matthew Broderick demonstrates tricks like hacking into his school’s network to change his grades, and eventually war-dials into a military supercomputer known as the WOPR, gaining control of the United States’ arsenal of nuclear weapons. Thinking he’s merely playing a game, Broderick’s character launches a simulated Russian attack that nearly sparks a nuclear apocalypse.
“That Christmas,” says Zatko, “every kid in America asked his parents for a modem.”
Soon Zatko’s silent forays into the unknown were crowded with other, overeager young intruders, many of whom didn’t possess the technical knowledge or cultural context to tread lightly on the systems they visited. “The noise versus signal ratio on the networks shot way up,” Zatko says. By the time the Computer Fraud and Abuse Act was passed in 1986, making unauthorized intrusions on closed networks illegal, “everything was already locked up,” he says.
But Zatko’s hobby of breaking the copy protections on video games had evolved into a taste for circumventing security, as it had in the minds of thousands of other kids across the world. They met on bulletin boards and Usenet to exchange tricks—how to crack passwords, make free calls, even get hold of credit card numbers.
The teenaged Zatko, who idolized Frank Zappa and as a teenager met another of his heroes, Abbie Hoffman, felt the same distaste for authority as his networked cohorts. Still, he says his explorations remained a matter of innocent curiosity, and he claims he was granted permission by system administrators to access the same networks that had long been his online haunts. “If you asked, it was amazing how often people would say OK and invite you in,” he says.
But Zatko’s friends from a decade later tell a somewhat different story, one of a young hacker who saw network defenses as speed bumps, and crossed enough of them to run afoul of the feds before the age of eighteen. In 1999, he told The New York Times Magazine that he had once received an informal warning from a “three letter agency.” Zatko claims he never knowingly broke computer laws as a teenager; he has no criminal record. The only souvenir that remains of his adventures on the edge of the law would be a long-confiscated Apple II PC that his colleagues say appeared in his office many years later, a well-preserved time capsule from a more anarchic period of Zatko’s and the Internet’s life.
Fortunately for the young hacker, he also possessed less controversial talents. In 1988, Zatko was accepted to the Berklee College of Music in Boston and spent the next four years honing his guitar skills and composing music. After graduating at the top of his class, Mudge started work at a Boston computer graphics firm, joined a progressive rock band, and began attending a meet-up of hacker types the first Friday of every month at the Au Bon Pain across from Harvard Square’s chess tables. It was a young male scene drawn from an online bulletin board called the Works, where Zatko had made a name for himself under the pseudonym “Mudge.” One evening, a co-worker who was known within the group by the handle White Knight invited Mudge into a far more elite world of in-the-flesh hackers, a group that would become as iconic in cybersecurity circles as any rock band: the L0pht.
Leading Mudge up to the second floor of a rough brick warehouse above a woodworking shop in Boston’s South End, White Knight opened a door to a hacker clubhouse of every WarGames-induced fantasy. The walls were paneled with old motherboards and AT&T signs, and lined with microcomputers from Digital Equipment Corporation, outdated Apple and Commodore PCs, and scavenged pay phones. Cables hung from the ceiling, plugged into modems and half-assembled PCs and strung around salvaged mannequins in sadomasochistic configurations. In later incarnations, the L0pht would add a PC with Web access rigged to the toilet for convenient bathroom browsing. A fifty-foot antenna was attached to the roof. All of it had no purpose other than pure merriment and experimentation.
Even before Mudge arrived, the L0pht had a unique approach to hacking. Instead of seeking out other vulnerable networks for infiltration, the ten or so members of the L0pht’s lab acquired and built their own computers and even their own networks, hardly a common feat at the time. Then the band of twentysomethings, split between one room for software hacking and the other for hardware, would systematically and gleefully defeat their own systems’ security.
That strategy meant that the members of the L0pht, hackers with names like Kingpin, Weld Pond, Count Zero, Space Rogue, Brian Oblivion, Silicosis, and Dildog, could refine their skills and break ground in digital penetration without ever stepping across the law. The L0pht’s misfits adhered instead to a sort of modernized version of the hacker code laid out ten years before by Steven Levy in the book Hackers: Don’t hack anyone else’s machines. Don’t break the law. Share everything, both physical materials and information.
Ethics aside, the L0pht was a wellspring of epic mischief. Kingpin, a brilliant baby-faced hacker in his early twenties, had developed a hardware kit to eavesdrop on the unencrypted signals from pagers, a protocol known as POCSAG. Space Rogue, a former army soldier with close cropped hair, hosted the Mac Whack Archive, an FTP download site with the world’s largest collection of Apple hacking tools. At one point, the group heard that a university in Pennsylvania was giving away a PDP-11 microcomputer. So they rented a Ryd
er truck, hauled the washing machine–size monster to Boston along with its equally large storage module, got them running, and then tried to digitally penetrate them, simply to see if they could.
The first night Mudge entered the L0pht, the elite group of hackers were struck by his technical genius, his heavy-metal hair, and the onstage charisma and extroversion that he’d learned as a performing musician. “He had that reality distortion field,” says Space Rogue. “He could see we needed a front man, and that’s what he became.”
At the time, the L0pht had a de facto leader in Count Zero, one of the group’s two cofounders. But Count Zero was going through a messy divorce that kept him away from the L0pht for months at a time, long enough for Mudge to stake his claim. When the group decided to upgrade to a larger space in Watertown on the outskirts of the city, Mudge suggested a vote on whether to leave the absent Count behind. At an Italian restaurant, the group officially announced Count Zero’s exile. Mudge had cemented his role as first among the hacker gang’s equals.
As he became the group’s public face and dominant personality, Mudge began to push a new exhibitionist strategy for the L0pht: not simply to hack for its own sake, but to hack in public, publishing their work on L0pht.com and online forums. The hacker mantra of free information taken to its logical extreme: They would emerge from the underground and broadcast their digital exploits.
Mudge began to court the media, finding curious reporters first in local trade publications and then later in Wired, The Washington Post, and the BBC. They sold T-shirts, attracted groupies, and proudly called themselves “media whores.” Taking cues from Mudge’s hero Abbie Hoffman and consumer protection icon Ralph Nader, the L0pht provocatively placed the onus for security blowups not on evil hacker bogeymen, but on the IBMs, Oracles, Microsofts, and Sun Microsystems of the world, chiding them for not building safer tools for customers. “Companies were saying their products were secure, with no proof at all. So we ripped them apart,” says Mudge with a tinge of excitement. “It felt good to take down corporate giants.”
Mudge and the L0pht dug into a new middle ground between villainous “black hat” hackers and milquetoast “white hat” penetration testers: They called it “gray hat” hacking. The group didn’t use its skills for evil or illegality. But nor did they hide their uncanny ability to demolish common programs’ security. At first, companies tried not to acknowledge them. Soon, they had no choice.
In 1997, for instance, the L0pht members found a vulnerability known as a buffer overflow in Internet Explorer. Exploiting that flaw meant that any user tricked into clicking on a booby-trapped link could have his or her computer immediately hijacked. As Dildog wrote in the advisory L0pht published, “Click on the link. Become aware of what happens to your machine. Freak out and beg Microsoft to make the bad man stop.”
The next year, Mudge discovered that the encryption used by Windows NT, the corporate version of Microsoft’s operating system, had several fatal weaknesses: It stored passwords without regard for upper or lower case characters, and split them into more easily analyzed chunks of seven characters no matter how long they were. While it used a technique called a “hash” to encrypt those password chunks, it failed to “salt” its hashes, a trick that added another layer of noise into the cipher. Each of those mistakes made it mathematically far easier for a systematic hacker to guess the key.
Mudge called Microsoft’s approach “kindergarten crypto.” And L0phtCrack, the tool he built, combined every trick in the code-breaking textbook—dictionary attacks that cycle through huge word-sets, brute force attacks that attempted every possible key, and more technical methods like rainbow tables—to defeat that crippled cryptography in record time. By the time the tool was released, it could unlock a network’s entire registry of passwords in around twenty-six days, compared with the five thousand years that Microsoft claimed. “It’s big. It’s bad. It cuts through NT passwords like a diamond tipped, steel blade,” the tool’s documentation read. “It ferrets them out from the registry, from repair disks, and by sniffing the net like an anteater on Dexedrine.”
Microsoft noticed. At the next Black Hat security conference in Las Vegas, the software megalith’s executives took the L0pht out for an expensive dinner, agreeing to patch their security flaws on a rigorous deadline and publicly credit the L0pht if the group’s researchers would give them a window of time before going public. Eventually, several of the L0pht’s members would be hired to work for Microsoft as security consultants.
As the L0pht members hacked away into the early morning hours, they’d drink whiskey and beer and shout taunts at one another through the wall separating their hardware and software teams. But they weren’t just talking among themselves. They were often communing with hackers around the globe over IRC, the same protocol still used today by Anonymous to coordinate its actions. Then as now, it was the lingua franca of the hacker underground. And it was through IRC that Mudge met Julian Assange.
Assange, then using the handle Proff, took note of Mudge’s cleverer hacks and often distributed L0pht’s advisories to the Best of Security group that Assange ran on Suburbia’s servers. But the two hackers had a mutual regard for the other’s alpha geek status that went beyond reading each other’s research, and they exchanged ideas over the undersea cables that connected Melbourne and Boston. More than once, they met in the physical world, including at least one meal together at the Chaos Communication Congress in Berlin. “Everyone knew everyone on IRC,” says one ex-member of the L0pht. “But when Mudge and Assange met at conferences or had dinner, that seemed like a different sort of connection.”
No one besides Mudge and Assange themselves, perhaps, knows the content of their conversations. When I asked Assange about Mudge in 2010, he would only say guardedly that “they were in the same milieu.”
I reminded Assange that Mudge today leads CINDER, a military program designed to plug the same leaks that fuel his secret-spilling organization. Assange seemed unwilling to accept that idea. “He’s a very clever guy, and a very ethical person. I don’t believe that he would build a tool for censorship.”
When I asked Mudge about Assange, he warned me that his official role at DARPA meant he couldn’t make any comments about the Australian. But he added that he still has “very fond memories of those old days gone by.”
In December, Forbes magazine published a story I wrote about WikiLeaks, with Assange’s face on the cover. It quoted Mudge speaking about his leadership of CINDER and mentioned his friendly connection to the WikiLeaks founder. After the magazine hit newsstands, Mudge never spoke to me again.
If Mudge’s career followed the same path as his Australian doppelgänger, Aaron Barr’s traced one closer to that of Bradley Manning: an aimless American teenager, tempted into the military by the siren song of a top secret clearance.
Barr grew up in Hoquiam, Washington, a rough logging community in the same cluster of towns that produced Kurt Cobain. He remembers “hardy, dirty people,” drunken fights nightly, and “more bars than churches.” His father was an exception: A former mill worker, he had lost two fingers and part of his thumb to an industrial saw. That accident had produced a legal settlement, enough for the elder Barr to return to school and study Nietzsche. He would write poetry and take his son on long drives, quizzing him on history and politics.
As a teen, Barr was given a Commodore 64 and spent hours reading programming magazines to tame its mysterious innards. He played Dungeons & Dragons, took apart and reassembled electronics, and joined his school’s computer club.
Then he discovered girls. A confident teen with a talent for sports, he found his focus on technology and education dissolving; by the time he graduated, he had a 2.7 GPA, the lowest of all his friends.
Barr tried a few semesters at the local community college without much enthusiasm. But when a couple of old classmates joined the army and told him about their experiences at
boot camp, the eighteen-year-old was intrigued. He spoke with a navy recruiter, who wowed him with talk of code-breaking and privileged secrecy. “It sounded sexy to an eighteen-year-old,” he says. “So I joined up.”
After a few years at a Florida naval base, Barr’s technical affinity and the navy’s training had made him a competent practitioner of high-frequency direction finding or huff-duff, the branch of signals intelligence aimed at analyzing the information wrapped up in a radio signal to locate its source. By the mid-nineties he had graduated to advanced signals analysis, what he describes as “big, hard communications.” Barr’s team would intercept a radio signal, often a multilayered collection of voice and data, unravel the strands of that information rope, and seek to understand it, sometimes breaking Russian and Chinese crypto with techniques unfit for public consumption.
The navy moved Barr to Rota, Spain, near the Strait of Gibraltar. Ships passing on to the Mediterranean Sea, Adriatic, or down the coast of Africa would request analysts for specific stints and Barr would often be helicoptered out to spend weeks on whatever aircraft carrier he was assigned to. He remembers those missions and the leaves between them as some of the best experiences of his life: roasting chicken on an isolated beach in the Ivory Coast, or drinking formaldehyde-tinged beer with locals in an Odessa bar.
In 1998, NATO entered the war in Kosovo. And in 1999, the Marines needed SIGINT analysts to support their incursion into the war-torn region. Barr, then serving on the USS Kearsarge, volunteered. “I thought it would be neat,” he says. “I’m kind of an outdoorsy guy.”
Soon he found himself on a helicopter to Macedonia, then camping in a disused chicken farm near Gnjilane, Kosovo. He and his Marine companions brought what they could carry, ate meals from bags, and went the entire month-long mission without showering. Barr slept under the stars. “I couldn’t even stand my own smell, not to mention the four other men in my tent,” he says.
This Machine Kills Secrets Page 23