
Cuckoo's Egg


by Clifford Stoll


  “Hi Steve!”

  “The hacker’s back on, eh?” Steve must have heard it in the tone of my voice.

  “Yep. Can you start the trace?”

  “Here goes.” He was gone for thirty seconds—it couldn’t have been a full minute—when he announced, “He’s coming from Bremen this time.”

  “Same as yesterday,” I observed.

  “I’ll tell Wolfgang at the Bundespost.” Steve hung up while I watched the hacker on my screen. Every minute the hacker visited, we were that much closer to unmasking him.

  Yes, there he was, methodically reading our false data files. With every bureaucratic memo he read, I felt more satisfied, knowing he was being misled in two ways: his information was patently false, and his arrogant strides through our computer were leading him straight into our arms.

  At 8:40, he left our computer. Steve White called back within a minute.

  “The Germans traced him through the University of Bremen again,” he said. “From there, into Hannover.”

  “Did they make any progress in getting his phone number?”

  “Wolfgang says they’ve got all the digits of his phone number except the last two.”

  All but the last two digits? That didn’t make sense—it meant that they’d traced the call to a group of one hundred phones. “But that’s worse than yesterday, when they said they’d isolated him to one of fifty phones.”

  “All I can tell you is what I hear.”

  Disturbing, but at least they were tracing the lines.

  At 10:17, he came back. By now, Martha had bicycled up to the lab, and the two of us were busy inventing new SDI files to feed him. We both ran to the monitors and watched him, expecting him to discover our latest work.

  This time, he wasn’t interested in SDI files. Instead, he went out over the Milnet, trying to break into military computers. One by one, trying to guess his way past their password protection.

  He concentrated on Air Force and Army computers, occasionally knocking on the Navy’s door. Places I’d never heard of, like the Air Force Weapons Lab, Descom Headquarters, Air Force CC OIS, the CCA-amc. Fifty places, without success.

  Then he slid across the Milnet into a computer named Buckner. He got right in … didn’t even need a password on the account named “guest.”

  Martha and I looked at each other, then at the screen. He’d broken into the Army Communications Center in Building 23, Room 121, of Fort Buckner. That much was obvious: the computer greeted the hacker with its address. But where’s Fort Buckner?

  About all I could tell was that its calendar was wrong. It said today was Sunday, and I knew it was Saturday. Martha took charge of the monitors, and I ran to the library, returning with their now familiar atlas.

  Paging through the back pages, I found Ft. Buckner listed.

  “Hey, Martha, you’re not going to believe this, but the hacker’s broken into a computer in Japan. Here’s your Fort Buckner,” I said, pointing to an island in the Pacific Ocean. “It’s on Okinawa.”

  What a connection! From Hannover, Germany, the hacker linked to the University of Bremen, across a transatlantic cable into Tymnet, then into my Berkeley computer, and into the Milnet, finally reaching Okinawa. Jeez.

  If someone in Okinawa had detected him, they’d have to unravel a truly daunting maze.

  Not that this worldwide link satisfied him—he wanted Fort Buckner’s database. For half an hour, he probed their system, finding it amazingly barren. A few letters here and there, and a list of about seventy-five users. Fort Buckner must be a very trusting place: nobody set passwords on their accounts.

  He didn’t find much on that system, outside of some electronic mail messages talking about when supplies would arrive from Hawaii. A collector of military acronyms would love the Fort Buckner computer, but any sane person would be bored.

  “If he’s so interested in military gobbledegook,” Martha asked, “why not enlist?”

  Well, this hacker wasn’t bored. He listed as many text files as he could, skipping only the programs and Unix utilities. A bit after eleven in the morning, he finally grew tired, and logged off.

  While he’d circled the globe with his spiderweb of connections, the German Bundespost had homed in on him.

  The phone rang—had to be Steve White.

  “Hi, Cliff,” Steve said. “The trace is complete.”

  “The Germans got the guy?”

  “They know his phone number.”

  “Well, who is he?” I asked.

  “They can’t say right now, but you’re supposed to tell the FBI.”

  “Just tell me this much,” I told Steve, “is it a computer or a person?”

  “A person with a computer at his home. Or should I say, at his business.”

  Martha overheard the conversation and was now whistling a tune from the Wizard of Oz: “Ding-dong, the witch is dead.…”

  At last, the trace was over. The police would bust him, he’d be arraigned, we’d press charges, and he’d be pacing a jail cell. So I thought.

  But more important, my research was finished. Five months ago, I asked myself, “How come my accounts are imbalanced by 75 cents?” That question had led me across the country, under the ocean, through defense contractors and universities, to Hannover, Germany.

  Martha and I biked home, stopping only to pick up a pint of heavy cream. We picked the last of our garden’s strawberries and celebrated with homemade milkshakes. No doubt—there’s no substitute for mixing ’em yourself. Toss in some ice cream, a couple bananas, a cup of milk, two eggs, a couple spoonfuls of vanilla, and a handful of homegrown strawberries. Thicken it with just enough malt. Now that’s a milkshake.

  Claudia, Martha, and I danced around the yard for a while—our plans had worked out perfectly.

  “In a couple days, the police will bust him, and we’ll find out what he was after,” I told them. “Now that someone knows who’s behind this, it can’t be long.”

  “Yow, you’ll get your name in the newspaper,” Claudia marveled. “Will you still talk to us?”

  “Yeah, I’ll even keep washing the dishes.”

  The rest of the day, Martha and I spent in San Francisco’s Golden Gate Park, riding the merry-go-round and roller-skating.

  After all these months, the problem was solved. We’d thrown a net around the cuckoo.

  He stared bleakly at the broken greasy venetian blinds, a cigarette butt dangling from his clammy lips. The sickly green glow of the screen reflected on his sallow tired features. Silently, deliberately, he invaded the computer.

  Six thousand miles away, her longing white arms craved for him. He could feel her hot breath on his cheek, as her delicate fingers curled through his long brown hair. Her negligee parted invitingly, he sensed every curve through the thin silken gauze. She whispered, “Darling, don’t leave me.…”

  Suddenly the night was shattered—that sound again—he froze and stared at the night stand. A red light beckoned across the pitch black room. His beeper sang its siren song.

  Sunday morning, at 6:30, Martha and I were dreaming when the hacker stepped on my electronic tripwire. Damn. Such a great dream, too.

  I slid out from under the quilts and called Steve White. He passed the message along to the Bundespost, and five minutes later, the trace was complete. Hannover again. Same guy.

  From home, I couldn’t observe him—he might notice me watching him. But only yesterday he’d finished reading all our phony SDI files. So why come back now?

  It wasn’t until I biked into work that I saw the hacker’s targets. Milnet again. The printout showed him logging into my Berkeley computer, then reaching out over the Milnet, then trying to log onto a system at the Eglin Air Force Base.

  He tried account names like guest, system, manager, and field service … all his old tricks. Eglin’s computer didn’t put up with such nonsense: it kicked him out after his fourth try. So, he went on the European Milnet Control computer, and tried again. Still no luck.

  Sixty computers later, he still hadn’t gotten into a military computer. But he kept trying.

  At 1:39 P.M., he succeeded in logging into the Navy Coastal Systems Center in Panama City, Florida. He got into their system by trying the account “Ingres” with the password “Ingres.”

  Ingres database software lets you quickly search thousands of accounting records for the one entry you need. You make queries like, “Tell me all the quasars that emit X rays,” or “How many Tomahawk missiles are deployed in the Atlantic fleet?” Database software is powerful stuff, and the Ingres system is among the finest.

  But it’s sold with a backdoor password. When you install Ingres, it comes with a ready-made account that has an easily guessed password. My hacker knew this. The Navy Coastal Systems Center didn’t.

  Once logged on, he meticulously checked that nobody was watching him. He listed the file structures and searched for links to nearby networks. He then listed the entire encrypted password file.

  There he goes again. That’s the third or fourth time I’d seen him copy the whole password file into his home machine. Something’s strange here—the passwords are protected by encryption, so he can’t possibly figure out the original password. Still, why else would he copy the password file?

  After an hour inside the navy computer, he grew tired and went back to knocking on doors along the Milnet. That, too, lost its excitement after a while; after fifty or a hundred times, even he tired of seeing the message, “Invalid Login—bad password.” So he printed out some SDINET files again, pretty much the same stuff he’d seen in the past couple of days. Around 2:30 in the afternoon he called it quits. He’d spent eight hours hacking on the military networks.

  Plenty of time to trace his call. And time enough to learn that the German Bundespost has been in close contact with the Public Prosecutor in Bremen, Germany. They’re contacting the authorities in Hannover, and they’re also talking to the German BKA. Sounds like someone is about ready to close in on the hacker and make the arrest.

  Who should I call about this break-in into the Navy computer?

  A week ago, the Air Force OSI warned me not to call the system managers directly. Jim Christy said, “It just runs against military policy.”

  “I understand,” I said. “But is there a clearinghouse to report these problems to?”

  “No, not really,” Jim explained. “You can tell the National Computer Security Center, but they’re pretty much a one-way trap. They listen, all right, but they don’t publicize problems. So if it’s a military computer, call us,” Jim said. “We’ll go through channels and get the word to the right folks.”

  Monday morning brought the hacker again. Time to twist some more doorknobs. One by one, he scanned Milnet computers, ranging from the Rome Air Development Center in New York to someplace called the Naval Electronic Warfare Center. He tried fifteen places before he struck pay dirt—the Ramstein Air Force Base computer. This time, he discovered that the account, “bbncc,” wasn’t protected. No password needed.

  Ramstein’s computer seemed to be an electronic mail system for officers. He started listing everyone’s mail. Quickly, it opened my eyes—this was stuff that he shouldn’t be seeing.

  OK, what should I do? I couldn’t let him grab this information, yet I didn’t want to tip my hand. Disconnecting him won’t do much good—he’ll just find another pathway. I can’t call the place—I’ve no idea where Ramstein Air Force Base is. I can call Air Force OSI, but I’ve got to take action now—not in five minutes—before he reads the rest of their data.

  I reached for the phone to call Jim Christy of the Air Force OSI. Naturally I can’t remember his phone number. There in my pocket is a key chain. Of course, the old key chain trick. Just add some noise to his connection.

  I jangled my keys against the connector, shorting out the hacker’s communications line. Just enough to appear as noise to the hacker. “Static on the line,” he’d think. Every time he asked for electronic mail from Ramstein, I garbled his commands, and Ramstein’s computer misunderstood him.

  After a few more attempts, he gave up on Ramstein Air Force Base, and went back to scanning the Milnet, trying to get into other places.

  I finally reached Jim Christy at Air Force OSI. “The hacker’s gotten into someplace called Ramstein Air Force Base. Wherever it is, you’d better tell them to change all their passwords.”

  “Ramstein’s in Germany.”

  “Huh?” I asked. I’d thought the occupation of Europe had ended in the ’50s. “What’s the U.S. Air Force doing in Germany?”

  “Protecting you. But let’s not go into that. I’ll warn them right away. Go back to watching the hacker.”

  I’d missed ten minutes of the hacker. He was trying to break into more military systems, slowly and methodically trying dozens of sites.

  The Milnet addresses seemed to be in alphabetical order; right now he was working near the end of the alphabet. Mostly R’s and S’s. Aha! Yes, that was it. He was working from an alphabetized list. Somehow, he’d obtained the Milnet directory, and was checking off each site after he tried it.

  He’d made it halfway through the S’s when he tried a computer called Seckenheim. Logged right in as “Guest.” No password. This was getting embarrassing.

  But though he got into that computer, he didn’t stay long. A few minutes to make a couple scans of their system files, then he logged off. I wondered why.

  Still, I’d better do something. Time to call the Air Force.

  “Hey, the hacker just got into someplace called Seckenheim. It’s on the Milnet, so it must be a military computer. But I’ve never heard of it.”

  “Snake in the grass,” Jim growled.

  “Huh?”

  “Damn. Seckenheim is the Army Material Command in Europe. Near Heidelberg. Germany again.”

  “Oops. Sorry about that.”

  “I’ll take care of it.” The hacker’s success meant problems for the narcs. I wondered how many overseas military bases the United States has. The technology I could handle. It was geography and bureaucracies that tripped me up.

  After having cracked three computers today, the hacker was still not satisfied. He continued to bang away on the Milnet, so I kept watch in the switchyard. One by one, I watched as he tried passwords. At 11:37, he got into a Vax computer named Stewart. Logged right in there as “Field,” password, “Service.” I’d seen it before. Another Vax computer running VMS that hadn’t changed their default passwords.

  The hacker dived right in. The field service account was privileged, and he wasted no time taking advantage of this. He first disabled accounting, so that he’d leave no tracks behind. Then he went directly to the authorize utility—the system software in charge of passwords—and selected one user, Rita, who hadn’t used the system for the past few months. He modified Rita’s account to give it full system privileges. Then he set a new password. “Ulfmerbold.”

  Where had I heard that word? Ulfmerbold. It sounded German. Something to figure out later. Meanwhile, I’ve got to watch my hacker.

  Finally, a bit after noon, the hacker left Berkeley. A productive day for him.

  The Stewart computer turned out to belong to Fort Stewart, an army base in Georgia. I called Mike Gibbons of the FBI, and he took care of calling them.

  “Mike, have you ever heard of the word, Ulfmerbold?”

  “Nope. Sounds German, though.”

  “Just checking. Say, the Germans have completed the trace. The Bundespost now knows who’s making the calls.”

  “Did they tell you?”

  “Naw. Nobody ever tells me anything. You know that.”

  Mike laughed. “That’s the way we operate, all right. But I’ll get the legat on the case right away.”

  “Legat?”

  “Oh. Legal Attaché. You know, the guy in Bonn that handles our affairs.”

  “How soon until they arrest the guy?” I just wanted to know who and why—the last pieces of the puzzle.

  “I don’t know. But when it happens, I’ll tell you. Shouldn’t be long now.”

  By chance, around 3 P.M. Teejay called from the CIA. “What’s new?”

  “We completed the trace over the weekend.”

  “Where is he?”

  “In Hannover.”

  “Mmmm. Know the guy’s name?”

  “No, not yet.”

  “Does the ‘F’ entity know?”

  “I don’t think so. But call them and find out. They never tell me a thing.” I doubted that the FBI would tell the CIA, and I didn’t want to be squeezed between the two. It was weird enough to talk to either.

  “Any clues to his identity?”

  “Hard to say. Ever hear of the word Ulfmerbold?”

  “Mmmm. What’s that from?”

  “The hacker chose that as a password when he broke into a computer this morning. At Fort Stewart, Georgia.”

  “He’s not letting the grass grow, huh?” Teejay still tried to sound uninterested, but his voice had a tremor that gave it away.

  “Yeah. He got into a couple other places too.”

  “Where?”

  “Oh,” I said, “no place special. Just a couple military bases in Germany. And a place called Fort Buckner.”

  “Son of a bitch.”

  “You know them?”

  “Yeah. I used to work at Fort Buckner. Back in my Army days. Lived on base with my wife.” A CIA agent with a wife? I’d never thought of it. Spy novels never mention spouses or kids.

  The hacker had chosen a strange password for his use. Ulfmerbold. Nothing in my dictionary. Not in Cassell’s German-English dictionary. The trusty atlas showed nothing. Yet I’d heard this word before.

  Martha hadn’t heard of it. Nor had any of my friends. Not even my sister, the one who’d risked her life prowling around a high school in McLean, Virginia.

  It took three days, but my boss, Roy Kerth, figured it out. Ulf Merbold is the West German astronaut who’d made astronomical observations from the space shuttle.

 
