
Cuckoo's Egg


by Clifford Stoll


  Or maybe the hacker had a list of computers with security holes. “Say, Chris, do you have Gnu-Emacs on your computers?”

  Chris didn’t know, but he’d ask around. But to exploit that hole, the hacker had to log in first. And the hacker had failed, after trying four times on each of five computers.

  White Sands kept their doors locked by forcing everyone on their computers to use long passwords, and to change them every four months. A technician wasn’t allowed to choose her own password—the computer assigned unguessable passwords, like “agnitfom” or “nietoayx.” Every account had a password, and none could be guessed.

  I didn’t like the White Sands system. I couldn’t remember computer-generated passwords, so I’d write them in my wallet or next to my terminal. Much better to allow people to choose their own passwords. Sure, some people would pick guessable passwords, like their names. But at least they wouldn’t complain about having to memorize some nonsense word like “tremvonk,” and they wouldn’t write them down.

  But the hacker got into my system and was rebuffed at White Sands. Maybe random passwords, obnoxious and dissonant, are more secure. I don’t know.

  I’d followed the boss’s orders. The FBI didn’t care about us, but the Air Force sleuths were on the case. And I’d notified White Sands that someone was trying to break in. Satisfied, I met Martha at a vegetarian pizza stand. Over slices of thick-crust spinach and pesto, I described the day’s events.

  “Vell, Natasha, we have accomplished mission one.”

  “Vonderful, Boris, vhat a victory. Boris … vhat is mission one?”

  “We have made rendezvous vith ze secret air force police, Natasha.”

  “Yes, Boris?”

  “Ve have alerted ze missile base to ze counter-counter-intelligence efforts.”

  “Yes, Boris?”

  “And we have ordered ze secret spy pizza.”

  “But Boris, ven do we catch ze spy?”

  “Patience, Natasha. Zat is mission two.”

  It wasn’t until we started walking home that we got to the serious side of our game.

  “This thing is getting weirder and weirder,” Martha said. “It started out as a hobby, chasing some local prankster, and now you’re talking to these military people who wear suits and have no sense of humor. Cliff, they’re not your type.”

  I defended myself stuffily, “This is a harmless and possibly beneficial project to keep them busy. After all, this is what they’re supposed to be doing—keeping the bad guys out.”

  Martha wouldn’t let that sit. “Yeah, but what about you, Cliff. What are you doing hanging out with these people? I understand that you have to at least talk to them, but how deeply are you getting involved?”

  “Every step makes perfect sense from my point of view,” I said. “I’m a system manager trying to protect my computer. If someone hacks into it, I have to chase him. To ignore the bastard will let him wreck other systems. Yes, I’m cooperating with the Air Force police, but that doesn’t mean I approve of everything the military stands for.”

  “Yes, but you have to decide how you want to live your life,” Martha said. “Do you want to spend your time being a cop?”

  “A cop? No, I’m an astronomer. But here’s someone threatening to destroy our work.”

  “We don’t know that,” Martha retorted. “Maybe this hacker is closer to us politically than those security people. What if you’re chasing someone on your own side? Perhaps he’s trying to expose problems of military proliferation. Some sort of electronic civil disobedience.”

  My own political views hadn’t evolved much from the late 1960s … a sort of fuzzy, mixed bag of the new-left. I’d never thought much about politics, feeling that I was a harmless non-ideologue, trying to avoid unpleasant political commitments. I resisted radical left-wing dogma, but I sure wasn’t a conservative. I had no desire to buddy up with the feds. Yet here I was, walking side by side with the military police.

  “About the only way to find out who’s at the other end is to trace the wires,” I said. “These organizations may not be our favorites, but the particular actions that we’re cooperating over aren’t bad. It’s not like I’m running guns to the Contras.”

  “Just watch your step.”

  My three weeks were almost up. If I didn’t catch the hacker within twenty-four hours, the lab would shut down my tracking operation. I camped out in the switchyard, jumping at every connection. “Come into my parlor,” said the spider to the fly.

  Sure enough, at 2:30 in the afternoon, the printer advanced a page, and the hacker logged in. Although this time he used the stolen account, Goran, I didn’t doubt that it was the hacker: he immediately checked who was on the computer. Finding no operator present, he searched out the Gnu-Emacs security hole, and started his delicate minuet to become super-user.

  I didn’t watch. A minute after the hacker connected, I called Ron Vivier at Tymnet and Lee Cheng at the phone company. I took notes as Ron mumbled, “He’s coming into your port 14, and entering Tymnet from Oakland. It’s our port 322 which is, uh, let me see here.” I could hear him tapping his keyboard. “Yeah, it’s 2902. 430–2902. That’s the number to trace.”

  Lee Cheng popped on the phone line. “Right. I’m tracing it.” More keytaps, this time with a few beeps thrown in. “That line is live, all right. And it’s coming from AT&T. AT&T in Virginia. Hold on, I’ll call New Jersey.”

  I listened in as Lee talked with some AT&T guy named Edsel (or was it Ed Sell?) in Whippany, New Jersey. Apparently, all of AT&T’s long-distance phone lines are traced through New Jersey. Without understanding the jargon, I transcribed what I heard. “Routing 5095, no that’s 5096MCLN.”

  Another technician’s voice broke in. “I’ll call McLean.”

  The New Jersey technician came back. “Yeah. 5096 terminates in 703 land.”

  There were suddenly six people on the line. The phone company’s conference calls were crisp and loud. The newest member of the conference call was a woman with a slight drawl. “Y’all are trunked into McLean, and it’s almost dinnertime here at C and P.”

  Lee’s clipped voice interrupted her. “Emergency trace on routing code 5096MCLN, your termination line 427.”

  “I copy 5096MCLN line 427. I’m tracing right now.”

  Silence for a minute, then she came back on line. “Here it comes, boys. Hey, it looks like it’s from 415 territory.”

  “Yeah. Greetings from San Francisco Bay,” Lee slid in.

  She spoke to no one in particular. “Trunk group 5096MCLN, routing 427 winds up in 448. Our ESS4 at 448. Is it a PBX?” She answered her own question: “No, it’s a rotary. Frame twenty-four. I’m almost at the tip ring sleeve. Here we are. Five hundred pair cable, group three number twelve … that’s ten, uh, ten sixty. You want me to confirm with a short dropout?”

  Lee interpreted her jargon. “She’s completed the trace. To make sure that she’s traced the right number, she wants to turn off the connection for a second. If she does that, it’ll hang up the line. Is that OK?”

  The hacker was in the midst of reading some electronic mail. I doubted that he’d miss a few characters. “Sure. Tell her to go ahead, and I’ll see what happens here.”

  Lee talked with her a bit, and announced with certainty, “Stand by.” He explained that each telephone line has a set of fuses in the central switching office; they protect the equipment from lightning and idiots that plug their phone lines into power outlets. The central office technician can go to the cable room and pull the line’s fuse, forcing it to hang up. It wasn’t necessary, but it double checked their tracing efforts.

  In a minute, the central office tech came onto the line and said, “I’m popping the fuse … now.” Sure enough, the hacker dropped off, right in the middle of a command. They’d traced the right line.

  The woman’s voice came on. “It’s 1060, all right. That’s all, boys. I’ll shuffle some tissues and ship it on upstairs.”

  Lee thanked everyone, and I heard the conference call clear. “The trace is complete and the technician’s writing it up. As soon as I get the trace data, I’ll give it to the police.”

  I didn’t understand. Why didn’t he just tell me the owner of the phone?

  Lee explained that the telephone company dealt with the police, not with individuals. Moreover, he didn’t know where the line had been traced to. The tech that completed the trace would fill out the proper papers (aah! “shuffling tissues”) and release them to the authorities.

  I protested, “Can’t you just short-circuit the bureaucracy and tell me who the hacker is?”

  No. First, Lee didn’t have the trace information. The technician in Virginia did. Until the Virginia phone company released it, Lee knew as little as I did.

  Lee pointed out another problem: my search warrant was only valid in California. A California court couldn’t compel the Virginia telephone company to turn over evidence. We’d need either a Virginia or Federal court order.

  I protested, “The FBI’s turned us down five times already. And the guy’s probably not breaking any Virginia law. Look, can’t you give me the phone number on the side and just wink?”

  Lee didn’t know. He’d call Virginia and try to convince them to give us the information, but he didn’t hold out much hope. Damn. At the other end of the phone line, someone was breaking into military computers, and we couldn’t even get his phone number, ten seconds after the line was traced.

  The phone trace was complete, though not quite successful. How do we get a Virginia search warrant? My boss, Roy Kerth, was gone for the next couple weeks, so I called the lab’s lawyer directly. To my surprise, Aletha paid serious attention to the problem. She’d rattle the FBI again, and see whether we had a case in Virginia. I warned her that, as a peon, I had no authority to even be talking to her, let alone asking for legal services. She reassured me, “Don’t be silly. This is more fun than worrying about patent law.”

  The laboratory police wanted to know all about the phone trace. I told them to prepare to stake out the entire state of Virginia. Despite my cynicism, they were surprisingly sympathetic to my problem with the Virginia search warrant, and offered to use their old-boy-network to get the information through some informal channel. I doubted it would work, but why not let them try?

  The phone company might conceal the hacker’s phone number, but my printers showed his every move. While I talked to Tymnet and the telephone techs, the hacker had prowled through my computer. He wasn’t satisfied reading the system manager’s mail; he also snooped through mail for several nuclear physicists.

  After fifteen minutes of reading our mail, he jumped back into Goran’s stolen account, using his new password, Benson. He started a program that searched our user’s files for passwords; while that executed, he called up the Milnet Network Information Center. Again, he knew who he was looking for:

  He had asked for the pathway into the CIA. But instead of their computer, he found four people who worked at the CIA.

  Whee! I pictured all these CIA spies playing cloak-and-dagger; meanwhile, someone’s pushing on their backdoor.

  So I asked myself, “Should I tell them?”

  “No. Why waste my time telling them? Let some spy run around in the CIA’s backyard. See if I care. My three weeks of chasing the hacker are up. It’s about time to shut our doors and work on real problems of physics and astronomy. He’s someone else’s problem now.”

  And yet it didn’t feel right. The hacker walked through military computers, yet nobody noticed. The CIA didn’t know. The FBI didn’t care. Who would pick up where we left off?

  I reached for the telephone to call the people listed in the CIA, then put it down. What’s a long-haired hippie doing calling some spooks? What would Martha say?

  Well, whose side was I on? Not the CIA’s, for sure. But then, I wasn’t rooting for someone to break in there, either. At least I didn’t think so.

  Foo. The jerk was trying to slither into someone’s computer. Nobody else will warn them, so I’d better. I’m not responsible for the CIA’s actions, only my own.

  Before I could change my mind again, I called the first CIA guy’s phone number. No answer. The second guy was on vacation—his answering machine said so. The third person …

  A business voice answered, “Extension 6161.”

  I stammered a bit, “Um, hello, I’m looking for Ed Manning.”

  “Yes?”

  I didn’t know where to begin. How do you introduce yourself to a spy? “Uh, you don’t know me, but I’m a computer manager, and we’ve been following a computer hacker.”

  “Uh-huh.”

  “Well, he searched for a pathway to try to get into the CIA’s computers. Instead, he found your name and phone number. I’m not sure what this means, but someone’s looking for you. Or maybe they’re just looking for the CIA and stumbled on your name.” I’m floundering, scared of the guy I’m talking to.

  “Who are you?”

  Nervously, I told him, expecting him to send over a gang of hit men in trench coats. I described our laboratory, making sure he understood that the People’s Republic of Berkeley didn’t have official diplomatic relations with his organization.

  “Can I send someone over tomorrow? No, that’s Saturday. How about Monday afternoon?”

  Uh oh. The hit men were on their way. I tried to backpedal. “This probably isn’t serious. The guy didn’t find anything except four names. You don’t have to worry about him getting into your computer.”

  Mr. Manning wasn’t convinced. “I know why my name’s listed. Last year I worked on some computers at the Ballistics Research Lab. But we’re professionally interested in this, and we’d appreciate a chance to learn more. Conceivably, this might be a serious problem.”

  Who was I talking to? Weren’t these the people who meddle in Central American politics and smuggle arms to right-wing thugs? Yet the guy I’d just talked to didn’t sound like a villain. He seemed like an ordinary person concerned with a problem.

  And why not set them on the trail of someone just as meddlesome and destructive as I always thought they were? Tracking down a real wrongdoer would give the CIA something harmless, perhaps even beneficial, to do—keep them out of trouble.

  It was no use arguing. They needed to know, and I couldn’t see a good reason to avoid telling them. And talking to the CIA wouldn’t hurt anyone—it wasn’t like shipping guns to a military dictator. After all, isn’t this what they’re legitimately supposed to do: protect us from bad guys? If I don’t tell them what’s happening, who will?

  I couldn’t help comparing the CIA’s immediate reaction with the response I got from the FBI. Six calls for help, and a half dozen responses, “Go away, kid.”

  Well, I agreed to meet with his agents, provided they didn’t wear trench coats.

  “Now I’ve put my foot in it,” I thought. “Not only am I talking to the CIA, but I’m inviting them up to Berkeley. What’ll I tell my radical friends?”

  Windmill Quarry is just across the Niagara River from Buffalo, New York, where I grew up. It’s a ten-mile bicycle ride, across the Peace Bridge to Canada and down a few winding roads to the finest swimming hole around. If you dodge the potholes and speak politely to the U.S. and Canadian customs agents, you’ll have no problems.

  High school had just let out in June of 1968 when I biked over to Windmill Quarry for a Saturday swim. Two other friends and I wore ourselves out trying to swim to the raft in the middle of the water. Around six, we ran out of steam, hopped on our bikes, and headed back to Buffalo.

  Three miles shy of the Peace Bridge, we were pedaling along the stony margins of a country road when a pickup truck crowded us off the roadside. Someone swore at us and tossed a half-empty can of Genessee beer, hitting our lead rider. She wasn’t hurt but all three of us were furious.

  We were on our bikes. No way to catch up with the SOBs. Even if we could, what would we do? We were three miles inside of Canada, after all. We were powerless, unable to retaliate.

  But I’d caught a glimpse of the license plate. From New York State. Oh … they’re returning to Buffalo, too. Then it hit me.

  I stopped at the first phone booth—luckily there was a directory—and called the U.S. customs agents. “There’s a green Chevy pickup truck heading for the Peace Bridge,” I reported. “I’m not sure, but I think they’re carrying some drugs.” The agent thanked me, and I hung up.

  The three of us biked back at a leisurely pace. We got to the bottom of the bridge, looked over at the side of the road … and my heart sang! Sure enough, there was that green pickup, hood up, seat pulled out, and two wheels removed. Customs agents were crawling all over it, searching for drugs.

  Aah. The sense of recovered dignity.

  Years ago, I hadn’t asked that clown to throw a beer can at us. Nor today had I asked this hacker to invade my computer. I didn’t want to track him around the networks. I’d rather be doing astronomy.

  But now that I’d evolved a strategy, I could only follow the hacker by being sneaky and tenacious. And by informing the few authorities that seemed to care. Like the CIA.

  Roy was on vacation, so not only couldn’t he tell me to drop the investigation now that my three weeks were up, but he couldn’t say anything about the CIA visiting. His stand-in, Dennis Hall, was to greet the spooks.

  Dennis is a tranquil, introspective Zen master whose job is to link small computers to Cray supercomputers. He sees networks as channels to slosh computing power from laboratories to desktops. Little computers should talk to people; leave the number crunching to the mainframes. If your desktop workstation’s too slow, then move the hard work into a bigger computer.

  In a sense, Dennis is the enemy of computer centers. He wants people to use computers without the mumbo jumbo of programming. As long as there are software wizards and gurus, Dennis won’t be satisfied with the distribution of computing power.

 
