Read Underground: Tales of Hacking, Madness and Obsession from the Electronic Frontier Online
Authors: Suelette Dreyfus
The turning point for Electron was the purchase of a second-hand 300
baud modem in 1986. Overnight, the modem transformed Electron’s love of the computer into an obsession. During the semester immediately before the modem’s arrival, Electron’s report card showed six As and one B. The following semester he earned six Bs and only one A.
Electron had moved onto bigger and better things than school. He quickly became a regular user of underground BBSes and began hacking.
He was enthralled by an article he discovered describing how several hackers claimed to have moved a satellite around in space simply by hacking computers. From that moment on, Electron decided he wanted to hack--to find out if the article was true.
Before he graduated from school in 1987, Electron had hacked NASA, an achievement which saw him dancing around the dining room table in the middle of the night chanting, ‘I got into NASA! I got into NASA!’ He hadn’t moved any satellites, but getting into the space agency was as thrilling as flying to the moon.
By 1989, he had been hacking regularly for years, much to the chagrin of his sister, who claimed her social life suffered because the family’s sole phone line was always tied up by the modem.
For Phoenix, Electron was a partner in hacking, and to a lesser degree a mentor. Electron had a lot to offer, by that time even more than The Realm.
‘Cactus, Cad, Cadaver, Caddis, Cadence, Cadet, Caesura. What the fuck is a Caesura?’ Phoenix kept ploughing through the Cs.
‘Dunno. Kill that,’ Electron answered, distracted.
‘Caesura. Well, fuck. I know I’d wanna use that as a password.’
Phoenix laughed. ‘What the hell kind of word is Caduceus?’
‘A dead one. Kill all those. Who makes up these dictionaries?’
Electron said.
‘Yeah.’
‘Caisson, Calabash. Kill those. Kill, kill, kill,’ Electron said gleefully.
‘Hang on. How come I don’t have Calabash in my list?’ Phoenix feigned indignation.
Electron laughed.
‘Hey,’ Phoenix said, ‘we should put in words like "Qwerty" and
"ABCDEF" and "ASDFGH".’
‘Did that already.’ Electron had already put together a list of other common passwords, such as the ‘words’ made when a user typed the six letters in the first alphabet row on a keyboard.
Phoenix started on the list again. ‘OK the COs. Commend, Comment, Commerce, Commercial, Commercialism, Commercially. Kill those last three.’
‘Huh? Why kill Commercial?’
‘Let’s just kill all the words with more than eight characters,’
Phoenix said.
‘No. That’s not a good idea.’
‘How come? The computer’s only going to read the first eight characters and encrypt those. So we should kill all the rest.’
Sometimes Phoenix just didn’t get it. But Electron didn’t rub it in.
He kept it low-key, so as not to bruise Phoenix’s ego. Often Electron sensed Phoenix sought approval from the older hacker, but it was a subtle, perhaps even unconscious search.
‘Nah,’ Electron began, ‘See, someone might use the whole word, Commerce or Commercial. The first eight letters of these words are not the same. The eighth character in Commerce is "e", but in Commercial it’s "i".’
There was a short silence.
‘Yeah,’ Electron went on, ‘but you could kill all the words like Commercially, and Commercialism, that come after Commercial.
See?’
‘Yeah. OK. I see,’ Phoenix said.
‘But don’t just kill every word longer than eight characters,’
Electron added.
‘Hmm. OK. Yeah, all right.’ Phoenix seemed a bit out of sorts. ‘Hey,’
he brightened a bit, ‘it’s been a whole ten minutes since my machine crashed.’
‘Yeah?’ Electron tried to sound interested.
‘Yeah. You know,’ Phoenix changed the subject to his favourite topic,
‘what we really need is Deszip. Gotta get that.’ Deszip was a computer program which could be used for password cracking.
‘And Zardoz. We need Zardoz,’ Electron added. Zardoz was a restricted electronic publication detailing computer security holes.
‘Yeah. Gotta try to get into Spaf’s machine. Spaf’ll have it for sure.’ Eugene Spafford, Associate Professor of Computer Science at Purdue University in the US, was one of the best known computer security experts on the Internet in 1990.
‘Yeah.’
And so began their hunt for the holy grail.
[ ]
Deszip and Zardoz glittered side by side as the most coveted prizes in the world of the international Unix hacker.
Cracking passwords took time and computer resources. Even a moderately powerful university machine would grunt and groan under the weight of the calculations if it was asked to do. But the Deszip program could change that, lifting the load until it was, by comparison, feather-light. It worked at breathtaking speed and a hacker using Deszip could crack encrypted passwords up to 25 times faster.
Zardoz, a worldwide security mailing list, was also precious, but for a different reason. Although the mailing list’s formal name was Security Digest, everyone in the underground simply called it Zardoz, after the computer from which the mailouts originated. Zardoz also happened to be the name of a science fiction cult film starring Sean Connery. Run by Neil Gorsuch, the Zardoz mailing list contained articles, or postings, from various members of the computer security industry. The postings discussed newly discovered bugs--problems with a computer system which could be exploited to break into or gain root access on a machine. The beauty of the bugs outlined in Zardoz was that they worked on any computer system using the programs or operating systems it described. Any university, any military system, any research institute which ran the software documented in Zardoz was vulnerable. Zardoz was a giant key ring, full of pass keys made to fit virtually every lock.
True, system administrators who read a particular Zardoz posting might take steps to close up that security hole. But as the hacking community knew well, it was a long time between a Zardoz posting and a shortage of systems with that hole. Often a bug worked on many computers for months--sometimes years--after being announced on Zardoz.
Why? Many admins had never heard of the bug when it was first announced. Zardoz was an exclusive club, and most admins simply weren’t members. You couldn’t just walk in off the street and sign up for Zardoz. You had to be vetted by peers in the computer security industry. You had to administer a legitimate computer system, preferably with a large institution such as a university or a research body such as CSIRO. Figuratively speaking, the established members of the Zardoz mailing list peered down their noses at you and determined if you were worthy of inclusion in Club Zardoz. Only they decided if you were trustworthy enough to share in the great security secrets of the world’s computer systems.
In 1989, the white hats, as hackers called the professional security gurus, were highly paranoid about Zardoz getting into the wrong hands.
So much so, in fact, that many postings to Zardoz were fine examples of the art of obliqueness. A computer security expert would hint at a new bug in his posting without actually coming out and explaining it in what is commonly referred to as a ‘cookbook’ explanation.
This led to a raging debate within the comp-sec industry. In one corner, the cookbook purists said that bulletins such as Zardoz were only going to be helpful if people were frank with each other. They wanted people posting to Zardoz to provide detailed, step-by-step explanations on how to exploit a particular security hole. Hackers would always find out about bugs one way or another and the best way to keep them out of your system was to secure it properly in the first place. They wanted full disclosure.
In the other corner, the hard-line, command-and-control computer security types argued that posting an announcement to Zardoz posed the gravest of security risks. What if Zardoz fell into the wrong hands?
Why, any sixteen-year-old hacker would have step-by-step directions showing how to break into thousands of individual computers! If you had to reveal a security flaw--and the jury was still out in their minds as to whether that was such a good idea--it should be done only in the most oblique terms.
What the hard-liners failed to understand was that world-class hackers like Electron could read the most oblique, carefully crafted Zardoz postings and, within a matter of days if not hours, work out exactly how to exploit the security hole hinted at in the text. After which they could just as easily have written a cookbook version of the security bug.
Most good hackers had come across one or two issues of Zardoz in their travels, often while rummaging though the system administrator’s mail on a prestigious institution’s computer. But no-one from the elite of the Altos underground had a full archive of all the back issues. The hacker who possessed that would have details of every major security hole discovered by the world’s best computer security minds since at least 1988.
Like Zardoz, Deszip was well guarded. It was written by computer security expert Dr Matthew Bishop, who worked at NASA’s Research Institute for Advanced Computer Science before taking up a teaching position at Dartmouth, an Ivy League college in New Hampshire. The United States government deemed Deszip’s very fast encryption algorithms to be so important, they were classified as armaments. It was illegal to export them from the US.
Of course, few hackers in 1990 had the sophistication to use weapons such as Zardoz and Deszip properly. Indeed, few even knew they existed. But Electron and Phoenix knew, along with a tiny handful of others, including Pad and Gandalf from Britain. Congregating on Altos in Germany, they worked with a select group of others carefully targeting sites likely to contain parts of their holy grail. They were methodical and highly strategic, piecing information together with exquisite, almost forensic, skill. While the common rabble of other hackers were thumping their heads against walls in brute-force attacks on random machines, these hackers spent their time hunting for strategic pressure points--the Achilles’ heels of the computer security community.
They had developed an informal hit list of machines, most of which belonged to high-level computer security gurus. Finding one or two early issues of Zardoz, Electron had combed through their postings looking not just on the surface--for the security bugs--but also paying careful attention to the names and addresses of the people writing articles. Authors who appeared frequently in Zardoz, or had something intelligent to say, went on the hit list. It was those people who were most likely to keep copies of Deszip or an archive of Zardoz on their machines.
Electron had searched across the world for information about Deszip and DES (Data Encryption Standard), the original encryption program later used in Deszip. He hunted through computers at the University of New York, the US Naval Research Laboratories in Washington DC, Helsinki University of Technology, Rutgers University in New Jersey, Melbourne University and Tampere University in Finland, but the search bore little fruit. He found a copy of CDES, a public domain encryption program which used the DES algorithm, but not Deszip. CDES could be used to encrypt files but not to crack passwords.
The two Australian hackers had, however, enjoyed a small taste of Deszip. In 1989 they had broken into a computer at Dartmouth College called Bear. They discovered Deszip carefully tucked away in a corner of Bear and had spirited a copy of the program away to a safer machine at another institution.
It turned out to be a hollow victory. That copy of Deszip had been encrypted with Crypt, a program based on the German Enigma machine used in World War II. Without the passphrase--the key to unlock the encryption--it was impossible to read Deszip. All they could do was stare, frustrated, at the file name Deszip labelling a treasure just out of reach.
Undaunted, the hackers decided to keep the encrypted file just in case they ever came across the passphrase somewhere--in an email letter, for example--in one of the dozens of new computers they now hacked regularly. Relabelling the encrypted Deszip file with a more innocuous name, they stored the copy in a dark corner of another machine.
Thinking it wise to buy a little insurance as well, they gave a second copy of the encrypted Deszip to Gandalf, who stored it on a machine in the UK in case the Australians’ copy disappeared unexpectedly.
[ ]
In January 1990, Electron turned his attention to getting Zardoz.
After carefully reviewing an old copy of Zardoz, he had discovered a system admin in Melbourne on the list. The subscriber could well have the entire Zardoz archive on his machine, and that machine was so close--less than half an hour’s drive from Electron’s home. All Electron had to do was to break into the CSIRO.
The Commonwealth Scientific and Industrial Research Organisation, or CSIRO, is a government owned and operated research body with many offices around Australia. Electron only wanted to get into one: the Division of Information Technology at 55 Barry Street, Carlton, just around the corner from the University of Melbourne.
Rummaging through a Melbourne University computer, Electron had already found one copy of the Zardoz archive, belonging to a system admin. He gathered it up and quietly began downloading it to his computer, but as his machine slowly siphoned off the Zardoz copy, his link to the university abruptly went dead. The admin had discovered the hacker and quickly killed the connection. All of which left Electron back at square one--until he found another copy of Zardoz on the CSIRO machine.
It was nearly 3 a.m. on 1 February 1990, but Electron wasn’t tired.
His head was buzzing. He had just successfully penetrated an account called Worsley on the CSIRO computer called DITMELA, using the sendmail bug. Electron assumed DITMELA stood for Division of Information Technology, Melbourne, computer ‘A’.
Electron began sifting through Andrew Worsley’s directories that day.
He knew Zardoz was in there somewhere, since he had seen it before.
After probing the computer, experimenting with different security holes hoping one would let him inside, Electron managed to slip in unnoticed. It was mid-afternoon, a bad time to hack a computer since someone at work would likely spot the intruder before long. So Electron told himself this was just a reconnaissance mission. Find out if Zardoz was on the machine, then get out of there fast and come back later--preferably in the middle of the night--to pull Zardoz out.