One system was home to a senior NorTel computer security administrator and Mendax promptly headed off to check out his mailbox. The contents made him laugh.
A letter from the Australian office said that Australia"s Telecom wanted access to CORWAN, NorTel"s corporate wide area network. Access would involve linking CORWAN and a small Telecom network. This seemed reasonable enough since Telecom did business with NorTel and staff were communicating all the time.
The Canadian security admin had written back turning down the request because there were too many hackers in the Telecom network.
Too many hackers in Telecom? Now that was funny. Here was a hacker reading the sensitive mail of NorTel"s computer security expert who reckoned Telecom"s network was too exposed. In fact, Mendax had penetrated Telecom"s systems from NorTel"s CORWAN, not the other way round.
Perhaps to prove the point, Mendax decided to crack pa.s.swords to the NorTel system. He collected 1003 pa.s.sword files from the NorTel sites, pulled up his pa.s.sword cracking program, THC, and started hunting around the network for some spare computers to do the job for him. He located a collection of 40 Sun computers, probably housed in Canada, and set up his program on them.
THC ran very fast on those Sun4s. The program used a 60000 word dictionary borrowed from someone in the US army who had done a thesis on cryptography and pa.s.sword cracking. It also relied on "a particularly nice fast-crypt algorithm" being developed by a Queensland academic, Eric Young. The THC program worked about 30 times faster than it would have done using the standard algorithm.
Using all 40 computers, Mendax was throwing as many as 40000 guesses per second against the pa.s.sword lists. A couple of the Suns went down under the strain, but most held their place in the onslaught. The secret pa.s.swords began dropping like flies. In just a few hours, Mendax had cracked 5000 pa.s.swords, some 100 of which were to root accounts. He now had access to thousands of NorTel computers across the globe.
There were some very nice prizes to be had from these systems. Gain control over a large company"s computer systems and you virtually controlled the company itself. It was as though you could walk through every security barrier unchecked, beginning with the front door. Want each employee"s security codes for the office"s front door? There it was--on-line.
How about access to the company"s payroll records? You could see how much money each person earns. Better still, you might like to make yourself an employee and pay yourself a tidy once-off bonus through electronic funds transfer. Of course there were other, less obvious, ways of making money, such as espionage.
Mendax could have easily found highly sensitive information about planned NorTel products and sold them. For a company like NorTel, which spent more than $1 billion each year on research and development, information leaks about its new technologies could be devastating. The espionage wouldn"t even have to be about new products; it could simply be about the company"s business strategies.
With access to all sorts of internal memos between senior executives, a hacker could procure precious inside information on markets and prices. A compet.i.tor might pay handsomely for this sort of information.
And this was just the start of what a malicious or profit-motivated hacker could do. In many companies, the automated aspects of manufacturing plants are controlled by computers. The smallest changes to the programs controlling the machine tools could destroy an entire batch of widgets--and the multi-million dollar robotics machinery which manufactures them.
But the IS hackers had no intention of committing information espionage. In fact, despite their poor financial status as students or, in the case of Trax, as a young man starting his career at the bottom of the totem pole, none of them would have sold information they gained from hacking. In their view, such behaviour was dirty and deserving of contempt--it soiled the adventure and was against their ethics. They considered themselves explorers, not paid corporate spies.
Although the NorTel network was firewalled, there was one link to the Internet. The link was through a system called BNRGATE, Bell-Northern Research"s gateway to the Internet.
Bell-Northern is NorTel"s R&D subsidiary. The connection to the outside electronic world was very restricted, but it looked interesting. The only problem was how to get there.
Mendax began hunting around for a doorway. His pa.s.sword cracking program had not turned up anything for this system, but there were other, more subtle ways of getting a pa.s.sword than the brute force of a cracking program.
System administrators sometimes sent pa.s.swords through email. Normally this would be a major security risk, but the NorTel system was firewalled from the Internet, so the admins thought they had no real reason to be concerned about hackers. Besides, in such a large corporation spanning several continents, an admin couldn"t always just pop downstairs to give a new company manager his pa.s.sword in person.
And an impatient manager was unlikely to be willing to wait a week for the new pa.s.sword to arrive courtesy of snail mail.
In the NorTel network, a mail spool, where email was stored, was often shared between as many as twenty computer systems. This structure offered considerable advantages for Mendax. All he needed to do was break into the mail spool and run a keyword search through its contents. Tell the computer to search for word combinations such as "BNRGATE" and "pa.s.sword", or to look for the name of the system admin for BNRGATE, and likely as not it would deliver tender morsels of information such as new pa.s.swords.
Mendax used a pa.s.sword he found through this method to get into BNRGATE and look around. The account he was using only had very restricted privileges, and he couldn"t get root on the system. For example, he could not FTP files from outside the NorTel network in the normal way. Among Internet users FTP (file transfer protocol) is both a noun and a verb: to FTP a program is to slurp a copy of it off one computer site into your own. There is nothing illegal about FTP-ing something per se, and millions of people across the Internet do so quite legitimately.
It appeared to Mendax that the NorTel network admins allowed most users to FTP something from the Internet, but prevented them from taking the copied file back to their NorTel computer site. It was stored in a special holding pen in BNRGATE and, like quarantine officers, the system admins would presumably come along regularly and inspect the contents to make sure there were no hidden viruses or Trojans which hackers might use to sneak into the network from the Internet.
However, a small number of accounts on BNRGATE had fewer restrictions.
Mendax broke into one of these accounts and went out to the Internet.
People from the Internet were barred from entering the NorTel network through BNRGATE. However, people inside NorTel could go out to the Internet via telnet.
Hackers had undoubtedly tried to break into NorTel through BNRGATE.
Dozens, perhaps hundreds, had unsuccessfully flung themselves against BNRGATE"s huge fortifications. To a hacker, the NorTel network was like a medieval castle and the BNRGATE firewall was an impossible battlement. It was a particular delight for Mendax to telnet out from behind this firewall into the Internet. It was as if he was walking out from the castle, past the guards and well-defended turrets, over the drawbridge and the moat, into the town below.
The castle also offered the perfect protection for further hacking activities. Who could chase him? Even if someone managed to follow him through the convoluted routing system he might set up to pa.s.s through a half dozen computer systems, the pursuer would never get past the battlements. Mendax could just disappear behind the firewall. He could be any one of 60000 NorTel employees on any one of 11000 computer systems.
Mendax telnetted out to the Internet and explored a few sites, including the main computer system of Encore, a large computer manufacturer. He had seen Encore computers before inside at least one university in Melbourne. In his travels, he met up with Corrupt, the American hacker who told Par he had read Theorem"s mail.
Corrupt was intrigued by Mendax"s extensive knowledge of different computer systems. When he learned that the Australian hacker was coming from inside the NorTel firewall, he was impressed.
The hackers began talking regularly, often when Mendax was coming from inside NorTel. The black street fighter from inner-city Brooklyn and the white intellectual from a leafy outer Melbourne suburb bridged the gap in the anonymity of cybers.p.a.ce. Sometime during their conversations Corrupt must have decided that Mendax was a worthy hacker, because he gave Mendax a few stolen pa.s.swords to Cray accounts.
In the computer underground in the late 1980s and early 1990s, a Cray computer account had all the prestige of a platinum charge card. The sort of home computer most hackers could afford at that time had all the grunt of a golf cart engine, but a Cray was the Rolls-Royce of computers. Crays were the biggest, fastest computers in the world.
Inst.i.tutions such as large universities would sh.e.l.l out millions of dollars on a Cray so the astronomy or physics departments could solve enormous mathematical problems in a fraction of the time it would take on a normal computer. A Cray never sat idle overnight or during holiday periods. Cray time was billed out by the minute. Crays were elite.
Best of all, Crays were master pa.s.sword crackers. The computer would go through Mendax"s entire pa.s.sword cracking dictionary in just ten seconds. An encrypted pa.s.sword file would simply melt like b.u.t.ter in a fire. To a hacker, it was a beautiful sight, and Corrupt handing a few Cray accounts over to Mendax was a friendly show of mutual respect.
Mendax reciprocated by offering Corrupt a couple of accounts on Encore. The two hackers chatted off and on and even tried to get Corrupt into NorTel. No luck. Not even two of the world"s most notable hackers, working in tandem 10 000 miles apart, could get Corrupt through the firewall. The two hackers talked now and again, exchanging information about what their respective feds were up to and sharing the occasional account on interesting systems.
The flat structure of the NorTel network created a good challenge since the only way to find out what was in a particular site, and its importance, was to invade the site itself. The IS hackers spent hours most nights roving through the vast system. The next morning one of them might call another to share tales of the latest exploits or a good laugh about a particularly funny piece of pilfered email. They were in high spirits about their adventures.
Then, one balmy spring night, things changed.
Mendax logged into NMELH1 about 2.30 a.m. As usual, he began by checking the logs which showed what the system operators had been doing. Mendax did this to make sure the NorTel officials were not onto IS and were not, for example, tracing the telephone call.
Something was wrong. The logs showed that a NorTel system admin had stumbled upon one of their secret directories of files about an hour ago. Mendax couldn"t figure out how he had found the files, but this was very serious. If the admin realised there was a hacker in the network he might call the AFP.
Mendax used the logs of the korn sh.e.l.l, called KSH, to secretly watch what the admin was doing. The korn sh.e.l.l records the history of certain user activities. Whenever the admin typed a command into the computer, the KSH stored what had been typed in the history file.
Mendax accessed that file in such a way that every line typed by the admin appeared on his computer a split second later.
The admin began inspecting the system, perhaps looking for signs of an intruder. Mendax quietly deleted his incriminating directory. Not finding any additional clues, the admin decided to inspect the mysterious directory more closely. But the directory had disappeared.
The admin couldn"t believe his eyes. Not an hour before there had been a suspicious-looking directory in his system and now it had simply vanished. Directories didn"t just dissolve into thin air. This was a computer--a logical system based on 0s and 1s. It didn"t make decisions to delete directories.
A hacker, the admin thought. A hacker must have been in the NorTel system and deleted the directory. Was he in the system now? The admin began looking at the routes into the system.
The admin was connected to the system from his home, but he wasn"t using the same dial-up lines as the hacker. The admin was connected through Austpac, Telecom"s commercial X.25 data network. Perhaps the hacker was also coming in through the X.25 connection.
Mendax watched the admin inspect all the system users coming on over the X.25 network. No sign of a hacker. Then the admin checked the logs to see who else might have logged on over the past half hour or so.
Nothing there either.
The admin appeared to go idle for a few minutes. He was probably staring at his computer terminal in confusion. Good, thought Mendax.
Stumped. Then the admin twigged. If he couldn"t see the hacker"s presence on-line, maybe he could see what he was doing on-line. What programs was the hacker running? The admin headed straight for the process list, which showed all the programs being run on the computer system.
Mendax sent the admin a fake error signal. It appears to the admin as if his korn sh.e.l.l had crashed. The admin re-logged in and headed straight for the process list again.
Some people never learn, Mendax thought as he booted the admin off again with another error message:
Segmentation violation.
The admin came back again. What persistence. Mendax knocked the admin off once more, this time by freezing up his computer screen.
This game of cat and mouse went on for some time. As long as the admin was doing what Mendax considered to be normal system administration work, Mendax left him alone. The minute the admin tried to chase him by inspecting the process list or the dial-up lines, he found himself booted off his own system.
Suddenly, the system administrator seemed to give up. His terminal went silent.
Good, Mendax thought. It"s almost 3 a.m. after all. This is my time on the system. Your time is during the day. You sleep now and I"ll play.