help him out? Sure, no problem. They had shared an inexpensive motel
room in Sale, paid for by Gill.
Being so close to Christmas, Stuart told Craig he had brought him two
presents. Craig opened the first--a John Travolta fitness book. When
Craig opened the second gift, he was a little stunned. It was a red
G-string for men. Craig didn't have a girlfriend at the time--perhaps
Stuart was trying to help him get one.
`Oh, ah, thanks,' Craig said, a bit confused.
`Glad you like it,' Stuart said. `Go on. Try it on.'
`Try it on?' Craig was now very confused.
`Yeah, mate, you know, to see if it fits. That's all.'
`Oh, um, right.'
Craig hesitated. He didn't want to seem rude. It was a weird request,
but never having been given a G-string before, he didn't know the
normal protocol. After all, when someone gives you a jumper, it's
normal for them to ask you to try it on, then and there, to see if it
`Yes, seems to fit,' Stuart said matter of factly, then turned away.
Craig felt relieved. He changed back into his clothing.
That night, and on many others during their trips or during Craig's
overnight visits to Stuart's uncle's house, Craig lay in bed wondering
about his secretive new friend.
Stuart was definitely a little weird, but he seemed to like women so
Craig figured he couldn't be interested in Craig that way. Stuart
bragged that he had a very close relationship with a female newspaper
reporter, and he always seemed to be chatting up the girl at the video
Craig tried not to read too much into Stuart's odd behaviour, for the
be part of the action. Soon Stuart asked Craig for access to
The idea made Craig uncomfortable, but Stuart was so persuasive. How
would he be able to continue his vital intelligence work without
access to Victoria's most important hacking board? Besides, Stuart
Gill of Hackwatch wasn't after innocent-faced hackers like Craig
Bowen. In fact, he would protect Bowen when the police came down on
everyone. What Stuart really wanted was the carders--the fraudsters.
Craig didn't want to protect people like that, did he?
Craig found it a little odd, as usual, that Stuart seemed to be after
the carders, yet he had chummed up with Ivan Trotsky. Still, there
were no doubt secrets Stuart couldn't reveal--things he wasn't allowed
to explain because of his intelligence work.
What Craig couldn't have known as he pondered Stuart Gill from the
safety of his boyish bedroom was exactly how much innocence the
underground was still to lose. If he had foreseen the next few
years--the police raids, the Ombudsman's investigation, the stream of
newspaper articles and the court cases--Craig Bowen would, at that
very moment, probably have reached over and turned off his beloved PI
and Zen forever.
Chapter 3 -- The American Connection
US forces give the nod
It's a setback for your country
-- from `US Forces', on 10, 9, 8, 7, 6, 5, 4, 3, 2, 1 by Midnight Oil1
Force had a secret. The Parmaster wanted it.
Like most hackers, The Parmaster didn't just want the secret, he
needed it. He was in that peculiar state attained by real hackers
where they will do just about anything to obtain a certain piece of
information. He was obsessed.
Of course, it wasn't the first time The Parmaster craved a juicy piece
of information. Both he and Force knew all about infatuation. That's
how it worked with real hackers. They didn't just fancy a titbit here
and there. Once they knew information about a particular system was
available, that there was a hidden entrance, they chased it down
relentlessly. So that was exactly what Par was doing. Chasing Force
endlessly, until he got what he wanted.
It began innocently enough as idle conversation between two giants in
the computer underground in the first half of 1988. Force, the
well-known Australian hacker who ran the exclusive Realm BBS in
Melbourne, sat chatting with Par, the American master of X.25
networks, in Germany. Neither of them was physically in Germany, but
Altos Computer Systems in Hamburg ran a conference feature called
Altos Chat on one of its machines. You could call up from anywhere on
the X.25 data communications network, and the company's computer would
let you connect. Once connected, with a few brief keystrokes, the
German machine would drop you into a real-time, on-screen talk session
with anyone else who happened to be on-line. While the rest of the
company's computer system grunted and toiled with everyday labours,
this corner of the machine was reserved for live on-line chatting. For
free. It was like an early form of the Internet Relay Chat. The
company probably hadn't meant to become the world's most prestigious
hacker hang-out, but it soon ended up doing so.
Altos was the first significant international live chat channel, and
for most hackers it was an amazing thing. The good hackers had cruised
through lots of computer networks around the world. Sometimes they
bumped into one another on-line and exchanged the latest gossip.
Occasionally, they logged into overseas BBSes, where they posted
messages. But Altos was different. While underground BBSes had a
tendency to simply disappear one day, gone forever, Altos was always
there. It was live. Instantaneous communications with a dozen other
hackers from all sorts of exotic places. Italy. Canada. France.
England. Israel. The US. And all these people not only shared an
interest in computer networks but also a flagrant contempt for
authority of any type. Instant, real-time penpals--with attitude.
However, Altos was more exclusive than the average underground BBS.
Wanna-be hackers had trouble getting into it because of the way X.25
networks were billed. Some systems on the network took reverse-charge
connections--like a 1-800 number--and some, including Altos, didn't.
To get to Altos you needed a company's NUI (Network User Identifier),
which was like a calling card number for the X.25 network, used to
bill your time on-line. Or you had to have access to a system like
Minerva which automatically accepted billing for all the connections
X.25 networks are different in various ways from the Internet, which
and, unlike the Internet at the user-level, they only use addresses
containing numbers not letters. Each packet of information travelling
over a data network needs to be encased in a particular type of
envelope. A `letter' sent across the X.25 network needs an X.25
`stamped' envelope, not an Internet `stamped' envelope.
The X.25 networks were controlled by a few very large players,
companies such as Telenet and Tymnet, while the modern Internet is, by
contrast, a fragmented collection of many small and medium-sized
done. In sharing information about their own countries' computers and
networks, hackers helped each other venture further and further
abroad. The Australians had gained quite a reputation on Altos. They
knew their stuff. More importantly, they possessed DEFCON, a program
which mapped out uncharted networks and scanned for accounts on
systems within them. Force wrote DEFCON based on a simple automatic
scanning program provided by his friend and mentor, Craig Bowen
Like the telephone system, the X.25 networks had a large number of
`phone numbers', called network user addresses (NUAs). Most were not
valid. They simply hadn't been assigned to anyone yet. To break into
computers on the network, you had to find them first, which meant
either hearing about a particular system from a fellow hacker or
scanning. Scanning--typing in one possible address after another--was
worse than looking for a needle in a haystack. 02624-589004-0004. Then
increasing the last digit by one on each attempt. 0005. 0006. 0007.
Until you hit a machine at the other end.
Back in 1987 or early 1988, Force had logged into Pacific Island for a
talk with Craig Bowen. Force bemoaned the tediousness of hand
`Well, why the hell are you doing it manually?' Bowen responded. `You
should just use my program.' He then gave Force the source code for
his simple automated scanning program, along with instructions.
Force went through the program and decided it would serve as a good
launchpad for bigger things, but it had a major limitation. The
program could only handle one connection at a time, which meant it
could only scan one branch of a network at a time.
Less than three months later, Force had rewritten Bowen's program into
the far more powerful DEFCON, which became the jewel in the crown of
the Australian hackers' reputation. With DEFCON, a hacker could
automatically scan fifteen or twenty network addresses simultaneously.
He could command the computer to map out pieces of the Belgian,
British and Greek X.25 communications networks, looking for computers
hanging off the networks like buds at the tips of tree branches.
Conceptually, the difference was a little like using a basic PC, which
can only run one program at a time, as opposed to operating a more
sophisticated one where you can open many windows with different
programs running all at once. Even though you might only be working in
one window, say, writing a letter, the computer might be doing
calculations in a spreadsheet in another window in the background. You
can swap between
different functions, which are all running in the background
While DEFCON was busy scanning, Force could do other things, such as
talk on Altos. He continued improving DEFCON, writing up to four more
versions of the program. Before long, DEFCON didn't just scan twenty
different connections at one time; it also automatically tried to
break into all the computers it found through those connections.
Though the program only tried basic default passwords, it had a fair
degree of success, since it could attack so many network addresses at
once. Further, new sites and mini-networks were being added so quickly
that security often fell by the wayside in the rush to join in. Since
the addresses were unpublished, companies often felt this obscurity
offered enough protection.
DEFCON produced lists of thousands of computer sites to raid. Force
would leave it scanning from a hacked Prime computer, and a day or two
later he would have an output file with 6000 addresses on different
networks. He perused the list and selected sites which caught his
attention. If his program had discovered an interesting address, he
would travel over the X.25 network to the site and then try to break
into the computer at that address. Alternatively, DEFCON might have
already successfully penetrated the machine using a default password,
in which case the address, account name and password would all be
waiting for Force in the log file. He could just walk right in.
Everyone on Altos wanted DEFCON, but Force refused to hand over the
program. No way was he going to have other hackers tearing up virgin
networks. Not even Erik Bloodaxe, one of the leaders of the most
prestigious American hacking group, Legion of Doom (LOD), got DEFCON
when he asked for it. Erik took his handle from the name of a Viking
king who ruled over the area now known as York, England. Although Erik
was on friendly terms with the Australian hackers, Force remained
adamant. He would not let the jewel out of his hands.
But on this fateful day in 1988, Par didn't want DEFCON. He wanted the
secret Force had just discovered, but held so very close to his chest.
And the Australian didn't want to give it to him.
Force was a meticulous hacker. His bedroom was remarkably tidy, for a
hacker's room. It had a polished, spartan quality. There were a few
well-placed pieces of minimalist furniture:
a black enamel metal single bed, a modern black bedside
table and a single picture on the wall--a photographic poster of
lightning, framed in glass. The largest piece of furniture was a
blue-grey desk with a return, upon which sat his computer, a printer
and an immaculate pile of print-outs. The bookcase, a tall modern
piece matching the rest of the furniture, contained an extensive
collection of fantasy fiction books, including what seemed to be
almost everything ever written by David Eddings. The lower shelves
housed assorted chemistry and programming books. A chemistry award
proudly jutted out from the shelf housing a few Dungeons and Dragons
filed in the bottom of his bookcase. Each page of notes, neatly
printed and surrounded by small, tidy handwriting revealing updates
and minor corrections, had its own plastic cover to prevent smudges or
Force thought it was inefficient to hand out his DEFCON program and
time and resources. Further, it was becoming harder to get access to
the main X.25 sites in Australia, like Minerva. Scanning was the type
of activity likely to draw the attention of a system admin and result
in the account being killed. The more people who scanned, the more
accounts would be killed, and the less access the Australian hackers
would have. So Force refused to hand over DEFCON to hackers outside
The Realm, which is one thing that made it such a powerful group.
Scanning with DEFCON meant using Netlink, a program which legitimate
users didn't often employ. In his hunt for hackers, an admin might
look for people running Netlink, or he might just examine which
systems a user was connecting to. For example, if a hacker connected
directly to Altos from Minerva without hopping through a respectable
midpoint, such as another corporate machine overseas, he could count
on the Minerva admins killing off the account.
DEFCON was revolutionary for its time, and difficult to reproduce. It
was written for Prime computers, and not many hackers knew how to
write programs for Primes. In fact, it was exceedingly difficult for
most hackers to learn programming of any sort for large, commercial
machines. Getting the system engineering manuals was tough work and
many of the large companies guarded their manuals almost as trade
secrets. Sure, if you bought a $100000 system, the company would give
you a few sets of operating manuals, but that was well beyond the
reach of a teenage hacker. In general, information was hoarded--by the
computer manufacturers, by the big companies which bought the systems,
by the system administrators and even by the universities.
Learning on-line was slow and almost as difficult. Most hackers used
300 or 1200 baud modems. Virtually all access to these big, expensive
machines was illegal. Every moment on-line was a risky proposition.
High schools never had these sorts of expensive machines. Although
many universities had systems, the administrators were usually miserly
with time on-line for students. In most cases, students only got
accounts on the big machines in their second year of computer science
studies. Even then, student accounts were invariably on the
university's oldest, clunkiest machine. And if you weren't a comp-sci
student, forget it. Indulging your intellectual curiosity in VMS
systems would never be anything more than a pipe dream.
Even if you did manage to overcome all the roadblocks and develop some
programming experience in VMS systems, for example, you might only be
able to access a small number of machines on any given network. The
X.25 networks connected a large number of machines which used very
different operating systems. Many, such as Primes, were not in the
least bit intuitive. So if you knew VMS and you hit a Prime machine,
well, that was pretty much it.
Unless, of course, you happened to belong to a clan of hackers like
The Realm. Then you could call up the BBS and post a message. `Hey, I
found a really cool Primos system at this address. Ran into problems
trying to figure the parameters of the Netlink command. Ideas anyone?'
And someone from your team would step forward to help.
In The Realm, Force tried to assemble a diverse group of Australia's
best hackers, each with a different area of expertise. And he happened
to be the resident expert in Prime computers.
Although Force wouldn't give DEFCON to anyone outside The Realm, he
wasn't unreasonable. If you weren't in the system but you had an
interesting network you wanted mapped, he would scan it for you. Force
referred to scans for network user addresses as `NUA sprints'. He
would give you a copy of the NUA sprint. While he was at it, he would
also keep a copy for The Realm. That was efficient. Force's pet
project was creating a database of systems and networks for The Realm,
so he simply added the new information to its database.
Force's great passion was mapping new networks, and new mini-networks
were being added to the main X.25 networks all the time. A large
corporation, such a BHP, might set up its own small-scale network
connecting its offices in Western Australia, Queensland, Victoria and
the United Kingdom. That mini-network might be attached to a
particular X.25 network, such as Austpac. Get into the Austpac network
and chances were you could get into any of the company's sites.
Exploration of all this uncharted territory consumed most of Force's
time. There was something cutting-edge, something truly adventurous
about finding a new network and carefully piecing together a picture
of what the expanding web looked like. He drew detailed pictures and
diagrams showing how a new part of the network connected to the rest.
Perhaps it appealed to his sense of order, or maybe he was just an
adventurer at heart. Whatever the underlying motivation, the maps
provided The Realm with yet another highly prized asset.
When he wasn't mapping networks, Force published Australia's first
underground hacking journal, Globetrotter. Widely read in the
international hacking community, Globetrotter reaffirmed Australian
hackers' pre-eminent position in the international underground.
But on this particular day, Par wasn't thinking about getting a copy
of Globetrotter or asking Force to scan a network for him. He was
thinking about that secret. Force's new secret. The secret Parmaster
Force had been using DEFCON to scan half a dozen networks while he
chatted to Par on Altos. He found an interesting connection from the
scan, so he went off to investigate it. When he connected to the
unknown computer, it started firing off strings of numbers at Force's
machine. Force sat at his desk and watched the characters rush by on
It was very odd. He hadn't done anything. He hadn't sent any commands
to the mystery computer. He hadn't made the slightest attempt to break
into the machine. Yet here the thing was throwing streams of numbers.
What kind of computer was this? There might have been some sort of
header which would identify the computer, but it had zoomed by so fast
in the unexpected data dump that Force had missed it.
Force flipped over to his chat with Par on Altos. He didn't completely
trust Par, thinking the friendly American sailed a bit close to the
wind. But Par was an expert in X.25 networks and was bound to have
some clue about these numbers. Besides, if they turned out to be
something sensitive, Force didn't have to tell Par where he found
`I've just found a bizarre address. It is one strange system. When I
like credit cards,' he typed back.
`Oh.' Force went quiet.
Par thought the normally chatty Australian hacker seemed astonished.
After a short silence, the now curious Par nudged the conversation
forward. `I have a way I can check out whether they really are valid
cards,' he volunteered. `It'll take some time, but I should be able to
do it and get back to you.'
`Yes.' Force seemed hesitant. `OK.'
On the other side of the Pacific from Par, Force thought about this
turn of events. If they were valid credit cards, that was very cool.
Not because he intended to use them for credit card fraud in the way
Ivan Trotsky might have done. But Force could use them for making
long-distance phone calls to hack overseas. And the sheer number of
cards was astonishing. Thousand and thousands of them. Maybe 10000.
All he could think was, Shit! Free connections for the rest of my
Hackers such as Force considered using cards to call overseas computer
would never end up paying the bill anyway. The hackers figured that
Telecom, which they despised, would probably have to wear the cost in
the end, and that was fine by them. Using cards to hack was nothing
like ordering consumer goods. That was real credit card fraud. And
Force would never sully his hands with that sort of behaviour.
Force scrolled back over his capture of the numbers which had been
injected into his machine. After closer inspection, he saw there were
headers which appeared periodically through the list. One said,
He checked the prefix of the mystery machine's network address again.
He knew from previous scans that it belonged to one of the world's
largest banks. Citibank.
The data dump continued for almost three hours. After that, the
Citibank machine seemed to go dead. Force saw nothing but a blank
screen, but he kept the connection open. There was no way he was going
to hang up from this conversation. He figured this had to be a freak