Cuckoo's Egg

by Clifford Stoll


  I started to understand. “You mean that someone has to be in the telephone exchange to trace the call?”

  “That’s it. And since it’s after 10 P.M. in Hannover, there’s nobody around.”

  “How long will it take to get someone into the exchange?”

  “About three hours.”

  To trace the line, a Bundespost telephone technician would have to visit the telephone exchange and follow the switches and wires. For all I knew, he might even have to climb telephone poles. Bad news.

  Meanwhile, the hacker was slithering through the Air Force computer. Sergeant Thomas was still on hold—he’d probably called all sorts of Air Force brass by now.

  I popped my phone to the Air Force line. “Well, we can’t trace things any further today.”

  “Gotcha. We’ll cut off the hacker right now.”

  “Wait for a second,” I said. “Don’t make it look like you’re just booting him off your system. Instead, find a way that he won’t suspect that you’re on to him.”

  “Yeah. We figured out a plan,” Sergeant Thomas replied. “We’ll broadcast an announcement to everyone on the system that our computer’s malfunctioning, and will have to be serviced.”

  Perfect. The hacker will think the system’s going down for repairs.

  I waited for a minute and in the middle of a page of SDI proposals, this message interrupted the hacker’s screen:

  System going down for maintenance, back up in 2 hours.

  He saw it right away. The hacker immediately logged off and disappeared into the void.

  Having broken into another military base, the hacker wasn’t about to give up. He returned to our lab, trying over and over to get back into the Air Force Systems Command. But none of his magic charms worked. He couldn’t get back into their computers.

  They were clever about how they’d locked out the hacker. They didn’t just post a notice saying, “Hackers stay out”. Instead, they set the hacker’s stolen account so that it almost worked. When the hacker logged into his stolen account, Abrens, the Air Force computer appeared to accept it, but then barfed back an error message—as if the hacker had set up his account incorrectly.

  I wondered if the hacker realized that he was under my thumb. Every time he succeeded in breaking into a computer, he was detected and booted out.

  From his viewpoint, everyone except us detected him. In reality, almost nobody detected him.

  Except us.

  He couldn’t know that he was caged in. My alarms, monitors, and electronic tripwires were invisible to him. Tymnet’s traces—through satellites and under the ocean—were totally silent. And the Bundespost was now on his scent.

  Wolfgang’s latest message said that he was arranging to keep a technician at the Hannover telephone exchange until midnight every night. This was expensive, so he needed to coordinate this with us. More important, the Germans had still not heard from the FBI.

  Time to call Mike Gibbons. “The Germans haven’t received anything from the FBI,” I said. “Any idea why?”

  “We’re having, er, internal problems here,” Mike replied. “You don’t want to know.”

  I did want to know, but there was no use asking. Mike wouldn’t say a thing.

  “What should I tell the Bundespost?” I asked. “They’re getting antsy for some kind of official notification.”

  “Tell them that the FBI’s Legal Attaché in Bonn is handling everything. The paperwork will come along.”

  “That’s what you said two weeks ago.”

  “And that’s what I’m saying now.”

  Zip. I passed the message back to Steve at Tymnet, who forwarded it to Wolfgang. The bureaucrats might not be able to communicate with each other, but the technicians sure did.

  Our complaints to the FBI should have been filtered through their office, sent to the American Legal Attaché in Bonn, then passed to the German FBI, the Bundeskriminalamt. The BKA probably inspires the same image of truth and justice in Germany as the FBI does in America.

  But someone was plugging up the communications downstream of Mike Gibbons. About all I could do was keep pestering Mike, and stay in close touch with Tymnet and the Bundespost. Sooner or later, the FBI would reach out to the BKA, and the warrants would appear.

  Meanwhile, my astronomer buddies needed help. I spent the day trying to understand the optics of the Keck Observatory’s telescope. Jerry Nelson needed my programs to predict the telescope’s performance; I hadn’t made a whit of progress since I’d started chasing the hacker.

  The other systems programmers were on my case, too. Crusty Wayne Graves leaned on me to build some disk driver software. (“Screw the hacker. Write some code, already.”) And Dave Cleveland gently reminded me he needed to hook up ten new desktop computers to our lab-wide network.

  I told each of them that the hacker would be gone “RSN.” The ubiquitous statement of software developers everywhere. Real Soon Now.

  On my way over to the astronomy group, I ducked into the switchyard for a moment—just long enough to check my monitors. They showed someone working on the Bevatron computer, manipulating the password file.

  Bizarre. The Bevatron’s one of the lab’s particle accelerators, and their programmers all worked at our lab. Only a system manager could manipulate the password file. I stood around, watching. Someone was adding several new accounts.

  Well, there’s one way to find out if this is legit. Call the Bevatron folks. Chuck McParland answered. “No, I’m the system manager. Ain’t nobody else licensed.”

  “Uh, oh. Then you’ve got a problem. Someone’s playing God on your computer.”

  Chuck typed a few commands and came back to the phone.

  “Son of a bitch.”

  Chuck’s Bevatron particle accelerator used magnets the size of houses to shoot fragments of atoms into thin targets. In the sixties, its ammunition was protons. Now, fed from a second accelerator, it zipped heavy ions up to nearly the speed of light.

  After smashing these atomic particles into thin foils, physicists sift through the debris, looking for fragments which may be the fundamental building blocks of the universe. Physicists waited months for time on the beamlines; more important, cancer patients waited as well.

  The Bevatron can accelerate helium ions to a fraction of the speed of light, where they’ll acquire about 160 million electron volts of energy. At this speed, they travel a few inches and then dump most of their energy.

  If you position a cancer tumor at just the right distance beyond this accelerator, most of the particles’ energy goes into the tumor. The cancer cells absorb this energy, and the tumor’s destroyed without affecting the rest of the person’s body. Unlike X rays, which irradiate everything in their path, the Bevatron particles deposit the bulk of their energy at one location. This works especially well on brain tumors, which are often surgically inoperable.

  Chuck’s Bevatron computers calculate that “right distance.” They control the accelerator too, so that the correct energy is used.

  Get either of these wrong, and you’ll kill the wrong cells.

  Every few seconds, a burst of ions spills out of the beamline. By flipping magnets at the right times, Chuck’s computers send these to either a physics experiment or a cancer patient. A bug in the program is bad news for both.

  The hacker wasn’t just poking around a computer. He was playing with someone’s brain stem.

  Did he know? I doubt it. How could he? To him, the Bevatron’s computer was just another plaything—a system to exploit. Its programs aren’t labeled, “Danger—medical computer. Do not tamper.”

  He wasn’t innocently looking for information. Having found a way to become system manager, he was fooling with the operating system itself.

  Our operating systems are delicate creations. They control how the computer behaves, how their programs will respond. System managers delicately tune their operating systems, trying to squeeze every bit of performance from the computer. Is the program too slow because it’s competing with other tasks? Fix it by changing the operating system’s scheduler. Or maybe there’s not enough room for twelve programs at once. Then alter the way the operating system allocates memory. Screw up, though, and the computer won’t work.

  This hacker didn’t care if he wrecked someone else’s operating system. He just wanted to introduce a security hole so that he could reenter whenever he wished. Did he know that he might kill someone?

  Chuck nailed his system shut by changing all the passwords. Another door slammed in the hacker’s face.

  But another worry. I’d been chasing someone around the world, yet I couldn’t prevent him from breaking into any computer he wished. My only defense was to watch him and warn people who were attacked.

  Sure, I could still boot him out of my computer, and wash my hands of the whole mess. My earlier fears seemed unjustified: I now knew what security holes he exploited, and it didn’t look like he’d planted any time bombs or viruses in my computer.

  Kicking him off my machine would only black out the window that I used to watch him. He’d continue to attack other computers, using different networks. I didn’t have much choice but to let this SOB wander around until I could catch him.

  But try explaining that to the FBI. On Thursday, January 8, my local FBI agent Fred Wyniken stopped over.

  “I’m here only as a representative of the Alexandria, Virginia office,” Fred said.

  “I don’t understand,” I said. “Why isn’t the case being handled from the Oakland office?”

  “The FBI’s field offices are pretty much independent of one another,” Fred replied. “What one office thinks is important, another may well ignore.” I could sense in which category he thought my case belonged.

  Fred explained that he didn’t know the likelihood of prosecution because he wasn’t handling the case. “But I’d say it’s pretty slim. You can’t show any monetary loss. There’s no obviously classified data. And your hacker isn’t in the States.”

  “So that’s why my local office isn’t handling this case?”

  “Remember, Cliff, that the FBI only works cases that the Department of Justice will prosecute. Since no classified information’s been compromised, there’s no reason to commit the resources that it’ll take to resolve this.”

  “But unless you take action, this hacker will keep hammering on our computers until he pretty much owns them.”

  “Look. Every month we get a half-dozen calls saying, ‘Help! Someone’s breaking into my computer.’ Ninety-five percent of them have no records, no audit trails, and no accounting data.”

  “Hold on there. I’ve got records and audit trails. Hell, I’ve got every keystroke that this bastard’s typed.”

  “I’m getting to that. In a few cases, and yours is one of them, there’s good documentation. But that’s not enough. The damage must be sufficient to justify our efforts. How much have you lost? Seventy-five cents?”

  Here we go again. Yes, our computing costs were small change. But I sensed a larger issue, perhaps one of national importance. My local FBI agent saw only a six-bit accounting error. No wonder I couldn’t get any interest—let alone support—from him.

  How much longer before someone noticed? Maybe if a classified military computer were hit? Or a high-tech medical experiment damaged? What if a patient in a hospital were injured?

  Well, I gave him printouts from the past couple of weeks (after first signing the back of each copy—something to do with “rules of evidence”) and a floppy disk with the Mitre telephone logs. He’d send it all to Mike Gibbons at the Alexandria office. Maybe Mike would find them useful in convincing the FBI to talk to the German BKA.

  Discouraging. The German telephone technicians still didn’t have their warrants, the FBI wasn’t responding, and my boss sent me a curt note asking when I’d write some software to link up a new printer.

  Martha wasn’t happy either. The hacker wasn’t just breaking into computers. By way of the beeper, he was invading our home.

  “Isn’t the FBI or the CIA doing something,” she asked, “now that there’s foreigners and spies? I mean, aren’t they the G-men—Truth, Justice, and the American Way?”

  “It’s the same old bailiwick problem. The CIA says that the FBI should work it. The FBI doesn’t want to touch it.”

  “Is the Air Force Office of Something or Another doing anything?”

  “Same story. The problem starts in Germany, and someone’s got to call Germany to solve it. The Air Force Office of Special Investigations can only bang on the FBI’s door.”

  “Then why not punt?” Martha suggested. “Brick up your computer and let the hacker roam around theirs. Nobody appointed you official guardian of America’s computers.”

  “Because I want to know what happened. Who’s behind it. What they’re searching for. Research.” Luis Alvarez’s words still rang, months afterward.

  “Then think of a way to solve your problem without the FBI. If they won’t get the Germans to trace a call, then find some other way.”

  “How? I can’t call the German Bundespost and say, ‘Trace this call!’ ”

  “Why not?”

  “For one, I wouldn’t know who to call. And they wouldn’t believe me if I did.”

  “Then find some other way to home in on the hacker.”

  “Yeah, right. Just ask him to tell me his address.”

  “Don’t laugh. It might work.”

  “The FBI’s tossing in the towel.”

  This was the message Ann Funk of the Air Force Office of Special Investigations left for me. The day before, I’d called her and she said that her group was waiting for the FBI to take action. Now this greeting.

  I tried returning Ann’s call, but she’d already left Bolling Air Force Base. Not much else to do but call the FBI.

  The raspy voice at the Alexandria FBI office didn’t want to waste time. “Agent Gibbons is not available right now, but I have a message for you,” the guy said officiously. “Your case is closed and you are to shut things off.”

  “Huh? Who said that?”

  “I’m sorry, but that’s the whole message. Agent Gibbons will be back next week.”

  “Did Mike say anything more?” After dozens of conversations, wouldn’t he at least tell me in person?

  “I told you, that is the entire message.”

  Great. Pester the FBI for five months. Trace a connection around the world. Prove that the hacker’s breaking into military computers. Just when I most needed the FBI’s help … poof.

  Ann Funk called back an hour later. “I just heard that the FBI decided there’s insufficient grounds to continue their investigation.”

  “Do the break-ins at the Air Force Space Command make any difference?” I asked.

  “That’s the Systems Command, Space Division, Cliff. Get it right, or you’ll confuse us.” But Space Command sounds neater. Who’d want to command a system?

  “OK, but doesn’t the FBI care about them?”

  Ann sighed. “According to the FBI, there’s no evidence of actual espionage.”

  “Did Mike Gibbons say that?”

  “I doubt it,” she said. “I got the word from a duty officer who said that Mike’s been taken off the case and can’t talk about it.”

  “So who decided?” Mike was the only computer literate FBI agent I’d spoken to.

  “Probably some middle management at the FBI,” Ann said. “They can catch kidnappers easier than computer hackers.”

  “So how do you feel?” I asked her. “Should we close up shop or try to catch the bastard?”

  “The FBI says to shut down the hacker’s access ports.”

  “That’s not what I asked.”

  “… and to change all your passwords …”

  “I know what the FBI says. What does the Air Force say?”

  “Uh, I don’t know. We’ll talk later on and call you back.”

  “Well, unless someone tells us to continue, we’ll close up shop and the hacker can play in your computers all he wants. For five months we’ve been chasing this spy and not one government agency has contributed a dime.” I hung up angrily.

  A few minutes later, my local FBI agent called. Fred Wyniken left no doubt about their decision. In an official tone of voice, he informed me that the FBI felt there was no way to extradite this hacker because of unclassified hacking.

  “Cliff, if you can show that some classified material has been compromised, or that he’s done significant damage to systems, then the FBI will step in. Until that happens, we’re not going to move.”

  “What do you consider damage? If someone rifles my desk drawers and duplicates the plans for a new integrated circuit, is that damage? Who do I turn to?”

  Fred wouldn’t answer. “If you insist on pursuing this case, the FBI can assist under the domestic police cooperation act. Your lab should contact the Berkeley District Attorney and open an investigation. If your local DA will extradite the hacker, then the FBI will assist in handling the proper paperwork.”

  “Huh? After five months you’re bouncing me back to my local District Attorney?” I couldn’t believe what I was hearing.

  “If you choose to go in that way, the FBI will serve as a conduit between your local police and the German authorities. The LBL police would be the center of the investigation, and prosecution would be in Berkeley.”

  “Fred, you can’t be saying that. This guy’s broken into thirty computers around the country, and you’re telling me that it’s a local, Berkeley problem?”

  “I’m telling you this much,” my local G-man continued. “The FBI has decided to drop the case. If you want to continue, you’d better handle it through your local police force.”

  Not an hour later, Steve White called from Tymnet. He’d just received the following electronic message from the German Bundespost:

  “It is most urgent that the U.S. authorities contact the German prosecutor or else the Bundespost will no longer cooperate. We cannot remain hanging, without any official notification. We will not trace phone lines without the proper warrants. You must arrange for the FBI to contact the German BKA immediately.”

 
