
Cuckoo's Egg


by Clifford Stoll


  Confident that he was undetected, he probed the nearby computers. In a moment, he’d discovered four on the Air Force network, and a pathway to connect to others. From his high ground, none of these were hidden from him; if their passwords weren’t guessable, he could steal them by setting up Trojan horses.

  This wasn’t a little desktop computer he’d broken into. He found thousands of files on the system, and hundreds of users. Hundreds of users? Yep. The hacker listed them all.

  But his greediness got in his way. He commanded the Air Force computer to list the names of all its files; it went merrily along typing out names like “Laser-design-plans” and “Shuttle-launch-manifest.” But he didn’t know how to shut off the spigot. For two hours, it poured a Niagara of information onto his terminal.

  Finally, at 2:30, he hung up, figuring that he’d just log back into the Air Force computer. But he couldn’t get back on. The Air Force computer informed him:

  “Your password has expired. Please contact the system manager.”

  Looking back over the printout, I realized his goof. The Air Force computer had expired the “field service” password; he’d received a warning when he first broke in. Probably, the system automatically expired passwords after a few months.

  To stay on the machine, he should have immediately reset his password. Instead, he ignored the request. Now the system wouldn’t let him back.

  From thousands of miles away, I could sense his frustration. He desperately wanted to get back into that computer, but he’d been foiled by his own stupid mistake.

  He’d stumbled on the keys to a Buick, and locked them in the car.

  The hacker’s mistake solved one problem: what should I tell the Air Force Space Division? Since it was a Sunday, there was nobody to call today. And because the hacker had locked himself out, he was no longer a danger to the Air Force computer. I’d just report the problem to the Air Force narcs, and let them handle it.

  While the hacker stepped through the Air Force computer, Steve White traced Tymnet’s lines.

  “He’s coming through RCA,” Steve said. “TAT-6.”

  “Huh? What’s that mean in English?”

  “Oh, nothing really. RCA is one of the international record carriers, and today the hacker is coming across the number six transatlantic cable.” Steve dealt in worldwide communications like a taxi driver in midtown traffic.

  “Why isn’t he on a satellite link?”

  “Probably because it’s a Sunday—the cable channels are less crowded.”

  “You mean that people prefer cable to satellite links?”

  “Sure. Every time you connect through a satellite, there’s a quarter second delay. The undersea cables don’t slow down your messages so much.”

  “Who would care?”

  “People on the telephone, mostly,” Steve said. “Those delays make for jittery conversations. You know, where each person tries to speak at the same time, then they both back off.”

  “So if the phone companies try to route over the cables, who wants the satellites?”

  “Television networks, mostly. TV signals can’t be squeezed into submarine cables, so they grab the satellites. But fiber optics will change everything.”

  I’d heard of fiber optics. Running communications signals over strands of glass, instead of copper wires. But who was running fiber-optic cables under the ocean?

  “Everyone wants to,” Steve explained. “There’s a limited number of satellite channels available—you can crowd only so many satellites over Equador. And the satellite channels aren’t private—anyone can listen in. Satellites may be fine for television, but cable’s the way to go for data.”

  My conversations with Steve White began with tracing the hacker, but inevitably slipped into other topics. A short talk with Steve usually became a tutorial on communications theory.

  Realizing that the hacker was still connected, I asked Steve for the details of the trace.

  “Oh yeah. I checked with Wolfgang Hoffman at the Bundespost. Your visitor is coming from Karlsruhe today. The University of Karlsruhe.”

  “Where’s that?”

  “I don’t know, but I’d guess the Ruhr valley. Isn’t that along the Rhine?”

  The hacker was still chipping away at the Air Force computer, but after he left, I jogged over to the library. Yes, there’s Karlsruhe. Three hundred miles south of Hannover.

  Draped across the floor of the Atlantic Ocean, the TAT-6 cable ties together Europe and America. The western end of the connection came through Tymnet, then Lawrence Berkeley Laboratory, across the Milnet, and ended at the Air Force Systems Command Space Division.

  Somewhere in Germany, the hacker tickled the eastern end of the connection, unaware that we were zeroing in on him.

  Three different places in Germany. My hacker was moving around. Or maybe he was staying in one place, playing a shell game with the telephone system. Perhaps he really was a student, visiting different campuses and showing off to his friends. Was I certain that there was only one hacker—or was I watching several people?

  The solution depended on completing a trace. Not just to a country or a city, but all the way to an individual. But how do I get a phone trace from six thousand miles away?

  The search warrant! Had the FBI pushed the warrant into Germany? For that matter, had they really opened an investigation? Time to call Mike Gibbons of the FBI.

  “I hear you’ve been pulled off the computer case,” I told Mike. “Is there anything I can do?”

  “Not to worry,” Mike said. “Let me handle it. Just lay low, and we’ll make progress.”

  “Well, is there an open investigation or not?”

  “Don’t ask me, because I can’t say. Just be patient, and we’ll work it out.”

  Mike slipped out of every question. Maybe I could pry some information from him by telling him about the Air Force computer.

  “Hey, the hacker broke into an Air Force computer yesterday.”

  “Where?”

  “Oh, somewhere in Southern California.” I didn’t say that it was at 2400 East El Segundo Boulevard, across from the Los Angeles Airport. He wouldn’t tell me what was happening, so I’d play coy with him.

  “Who runs it?”

  “Someone in the Air Force. Sounds like some Buck Rogers place. I dunno.”

  “You’d better call the Air Force OSI. They’ll know what to do.”

  “Won’t the FBI investigate?”

  “I told you. We are investigating. We are making progress. It’s just not for your ears to hear.” So much for extracting information from the FBI.

  The Air Force narcs were a bit more expressive. Jim Christy of the Air Force OSI put it succinctly.

  “Systems Command? Son of a bitch.”

  “Yeah. The guy became system manager there.”

  “Systems manager at Systems Command. Amusing. Did he get anything classified?”

  “Not that I can tell. He really didn’t get that much, just the names of a few thousand files.”

  “Damn. We told them. Twice.” I wasn’t sure if I should be listening.

  “If it makes any difference, he’s not going to get back on their system. He’s locked himself out.” I told him about the password expiration.

  “That’s fine for the Systems Command,” Jim said, “but how many other computers are just as wide open? If the Space Division screws up like that, even after we warn them, then how are we ever going to get the word out?”

  “You warned them?”

  “Damn straight. We’ve been telling systems operators for six months to change all their passwords. Don’t you think we’ve been listening to you?”

  Smoley hokes! They’d actually heard my message, and were spreading the word. It’s the first time that anyone had even hinted that I’d had any effect.

  Well, the Air Force OSI in Washington sent the message out to their agent at Vandenberg Air Force Base. He, in turn, was to knock heads at the Space Division. They’d make sure that the hole stayed plugged up.

  Two days later, Dave Cleveland and I were sitting in front of his terminal, playing with some broken software. My beeper went off and without saying a word, Dave switched the terminal over to the Unix computer. Sventek was just logging on. We looked at the screen, then nodded to each other. I jogged over to the switchyard to watch the action live.

  The hacker didn’t bother with my computers, but went straight over the Milnet to the Air Force Space Division. I watched him start to log in there as Field Service, thinking how he would just be booted off again.

  But no! He was welcomed back into their system. Someone at the Air Force base had re-enabled the Field Service account with the same old password. The service technician may have noticed that the account had expired, and asked the system manager to reset the password.

  Stupid. They’d unlocked the doors and left the keys in the ignition.

  The hacker didn’t waste a minute. He went straight to the authorization software and added a new account. No, not a new account. He searched for an old, unused account and modified it. Some Air Force officer, Colonel Abrens, had an account, but hadn’t been around this computer in a year.

  The hacker slightly modified Colonel Abrens’ account, giving it system privileges and a new password: AFHACK.

  AFHACK—what arrogance. He’s thumbing his nose at the United States Air Force.

  From now on, he didn’t need the Field Service account. Disguised as an officer in the Air Force, he had unlimited access to the Space Division’s computer.

  Heavy duty. This guy wasn’t tinkering around. Air Force OSI had left for the day. What should I do? Leaving the hacker connected would leak sensitive information from the Air Force. But disconnecting him would only cause him to use a different route, bypassing my lab’s monitors.

  We’d have to chop him off at the Space Command.

  But first, I wanted him traced. A call to Steve White started things rolling. Within five minutes, he’d traced the connection to Hannover, and called the Bundespost.

  A few minutes of silence. “Cliff, does the connection look like it will be a long one?”

  “I can’t tell, but I think so.”

  “OK.” Steve was on another telephone; I could only hear an occasional shout.

  In a minute, Steve returned to my line. “Wolfgang is tracing the call in Hannover. It’s a local call. They’re going to try to trace it all the way.”

  Here’s news! A local call in Hannover meant that the hacker’s somewhere in Hannover.

  Unless there’s a computer in Hannover doing his dirty work.

  Steve shouted instructions from Wolfgang: “Whatever you do, don’t disconnect the hacker. Keep him on the line if you can!”

  But he’s rifling files at the Air Force base. It was like letting a burglar rob your home while you watched. Should I boot him out or let the trace go ahead? I couldn’t decide.

  Well, I ought to call some authority. How about Mike Gibbons of the FBI? He’s not around.

  Hey—the National Computer Security Center might be a good place to call. Zeke Hanson will know what to do.

  No luck. Zeke wasn’t in and the voice at the far end of the line explained, “I’d like to help you, but we design secure computers. We don’t get involved in the operational aspects.” I’d heard that before, thank you.

  Well, there wasn’t anyone else to tell but the Air Force. I hooked into the Milnet Network Information Center and looked up their phone number. Naturally, they’d changed their phone number. They even listed the wrong area code. By the time I reached the right person, the hacker had thoroughly penetrated their computer.

  “Hi, I’m looking for the system manager of the Space Command’s Vax computer.”

  “This is Sergeant Thomas. I’m the manager.”

  “Uh, I don’t know how to explain this to you, but there’s a hacker in your computer.” (Meanwhile, I’m thinking, “He won’t believe me and will want to know who I am.”)

  “Huh? Who are you?” Even over the phone, I could feel him giving me the hairy eyeball.

  “I’m an astronomer at Lawrence Berkeley Laboratory.” (First mistake, I think, nobody’s gonna believe that.)

  “How do you know there’s a hacker?”

  “I’m watching him break into your computer over the Milnet.”

  “You expect me to believe you?”

  “Just look at your system. List out your users.”

  “OK.” I hear typing in the background.

  “There’s nothing strange here. We’ve got fifty-seven people logged in, and the system’s behaving normally.”

  “Notice anyone new?” I asked.

  “Let’s see … No, everything’s normal.” Should I tell him or just beat around the bush?

  “Do you know someone named Abrens?”

  “Yeah. Colonel Abrens. He’s logged in right now. Hey, what are you getting at?”

  “Are you sure that Abrens is legit?”

  “Hell, yes. He’s a colonel. You don’t mess with the brass.”

  I was getting nowhere by asking leading questions. Might as well tell him. “Well, a hacker’s stolen Abrens’ account. He’s logged on right now, and he’s dumping your files.”

  “How do you know?”

  “I watched him. I’ve got a printout,” I said. “He came in on the Field Service account, then reset Abrens’ password. Right now, he’s got system privileges.”

  “That’s impossible. Just yesterday, I reset the password to the Field Service account. It had expired.”

  “Yes, I know. You set the password to ‘service.’ The same as it’s been for the past year. Hackers know this.”

  “Well, I’ll be damned. Hold on.” Over the phone, I hear Sergeant Thomas call someone over. A couple minutes later, he’s back on the line.

  “What do you want us to do?” he asked. “I can shut off my computer right now.”

  “No, hold off for a bit,” I said. “We’re tracing the line right now, and we’re closing in on the hacker.” This was no fib: Steve White had just relayed Wolfgang Hoffman’s request to keep the hacker on the line as long as possible. I didn’t want Sergeant Thomas to cut the line before the trace was complete.

  “OK, but we’ll call our commanding officer. He’ll make the final decision.” I could hardly blame them. A total stranger calls from Berkeley and tells them that someone’s breaking into their system.

  Between these phone calls, I watched the printer punch out the hacker’s every command. Today, he didn’t list the names of every file. Quite the contrary: he listed individual files. He already knew the names of the files he was looking for; he didn’t need to scramble around searching for their names.

  Aah. This was an important clue. Three days ago, the hacker listed the names of a thousand files. Today, he went straight to those files that interested him. He must have printed out his entire session. Otherwise, he would have forgotten the names of the files.

  So the hacker’s printing out everything he gets. I already knew that he kept a detailed notebook—otherwise, he’d have forgotten some of the seeds that he’d planted months ago. I remembered my meeting with the CIA: Teejay had wondered if the hacker kept recordings of his sessions. Now I knew.

  At the far end of the connection, somewhere in Germany, sat a determined and methodical spy. Every printout that came across my monitor was duplicated in his lair.

  Which files did he list? He skipped over all the programs and ignored system management guidelines. Instead, he went for operational plans. Documents describing Air Force payloads for the space shuttle. Test results from satellite detection systems. SDI research proposals. A description of an astronaut-operated camera system.

  None of this information had the comment, “classified” on it. It wasn’t secret, top secret, or even confidential. At least, none of the files carried those labels.

  Now, no military computer on the Milnet is allowed to carry classified information. There’s another computer network, completely separate, that handles classified data. So in one sense, the Systems Command’s Space Division had nothing to lose: its computer is unclassified.

  But there’s a deeper problem. Individually, public documents don’t contain classified information. But once you gather many documents together, they may reveal secrets. An order from an aircraft manufacturer for a load of titanium sure isn’t secret. Nor is the fact that they’re building a new bomber. But taken together, there’s a strong indicator that Boeing’s new bomber is made of titanium, and therefore must fly at supersonic speeds (since ordinary aluminum can’t resist high temperatures).

  In the past, to pull together information from diverse sources you’d spend weeks in a library. Now, with computers and networks, you can match up data sets in minutes—look at how I manipulated Mitre’s long-distance phone bills to find where the hacker had visited. By analyzing public data with the help of computers, people can uncover secrets without ever seeing a classified database.

  Back in 1985 Vice Admiral John Poindexter worried about just this problem. He tried to create a new classification of information, “Sensitive but unclassified.” Such information fit below the usual levels of Top Secret, Secret, and Confidential; but access to it was to be denied to certain foreigners.

  Poindexter clumsily tried to apply this to academic research—naturally, the universities refused, and the idea died. Now, standing in front of my monitor, watching the hacker prowl through the Space Command’s system, I realized his meaning. Air Force SDI projects might not be top secret, but they sure were sensitive.

  What? Me agreeing with Vice Admiral Poindexter? The guy that shipped arms to Iran? How could I have any common ground with Ollie North’s boss? Yet dancing across my screen was just what he’d described: sensitive but unclassified data.

  Tymnet came back on the line. “I’m sorry, Cliff, but the trace in Germany is stymied.”

  “Can’t they trace the call?” I asked, unsure of who I meant by “they.”

  “Well, the hacker’s line comes from Hannover, all right,” Steve replied. “But Hannover’s phone lines connect through mechanical switches—noisy, complicated widgets—and these can only be traced by people. You can’t trace the call with a computer.”

 
