lower-case letters. It might also add a `1' at the end. In short, the
program would create new guesses by permutating, shuffling, reversing
and recombining basic information such as a user's name into new
dictionary was a game of trade-offs. The fewer words in a cracking
dictionary, the less time it was likely to take a computer to break
the encrypted passwords. A smaller dictionary, however, also meant
fewer guesses and so a reduced chance of cracking the password of any
`Hmm. Mine's 24328. We better pare it down together.'
`Yeah. OK. Pick a letter.'
`C. Let's start with the Cs.'
`Yeah. OK. Here goes. Cab, Cabal. Cabala. Cabbala.' Electron paused.
`What the fuck is a Cabbala?'
`Dunno. Yeah. I've got those. Not Cabbala. OK, Cabaret. Cabbage. Fuck,
I hate cabbage. Who'd pick Cabbage as their password?'
`A Pom,' Electron answered.
`Yeah,' Phoenix laughed before continuing.
Phoenix sometimes stopped to think about Force's warning, but usually
he just pushed it to one side when it crept, unwelcomed, into his
thoughts. Still, it worried him. Force took it seriously enough. Not
only had he stopped associating with Electron, he appeared to have
gone very, very quiet.
In fact, Force had found a new love: music. He was writing and
performing his own songs. By early 1990 he seemed so busy with his
music that he had essentially put The Realm on ice. Its members took
to congregating on a machine owned by another Realm member, Nom, for a
month or so.
Somehow, however, Phoenix knew that wasn't all of the story. A hacker
didn't pick up and walk away from hacking just like that. Especially
not Force. Force had been obsessed with hacking. It just didn't make
sense. There had to be something more. Phoenix comforted himself with
the knowledge that he had followed Force's advice and had stayed away
from Electron. Well, for a while anyway.
He had backed right off, watched and waited, but nothing happened.
Electron was as active in the underground as ever but he hadn't been
busted. Nothing had changed. Maybe Force's information had been wrong.
Surely the feds would have busted Electron by now if they were going
to do anything. So Phoenix began to rebuild his relationship with
Electron. It was just too tempting. Phoenix was determined not to let
Force's ego impede his own progress.
By January 1990, Electron was hacking almost all the time. The only
time he wasn't hacking was when he was sleeping, and even then he
often dreamed of hacking. He and Phoenix were sailing past all the
other Melbourne hackers. Electron had grown beyond Powerspike's
expertise just as Phoenix had accelerated past Force. They were moving
away from X.25 networks and into the embryonic Internet, which was
just as illegal since the universities guarded computer
accounts--Internet access--very closely.
Even Nom, with his growing expertise in the Unix operating system
which formed the basis of many new Internet sites, wasn't up to
Electron's standard. He didn't have the same level of commitment to
hacking, the same obsession necessary to be a truly cutting-edge
hacker. In many ways, the relationship between Nom and Phoenix
mirrored the relationship between Electron and Powerspike: the support
act to the main band.
Electron didn't consider Phoenix a close friend, but he was a kindred
spirit. In fact he didn't trust Phoenix, who had a big mouth, a big
ego and a tight friendship with Force--all strikes against him. But
Phoenix was intelligent and he wanted to learn. Most of all, he had
the obsession. Phoenix contributed to a flow of information which
stimulated Electron intellectually, even if more information flowed
toward Phoenix than from him.
Within a month, Phoenix and Electron were in regular contact, and
during the summer holidays they were talking on the phone--voice--all
the time, sometimes three or four times a day. Hack then talk. Compare
notes. Hack some more. Check in again, ask a few questions. Then back
The actual hacking was generally a solo act. For a social animal like
Phoenix, it was a lonely pursuit. While many hackers revelled in the
intense isolation, some, such as Phoenix, also needed to check in with
fellow humanity once in a while. Not just any humanity--those who
understood and shared in the obsession.
`Caboodle. Caboose, `Electron went on, `Cabriolet. What the hell is a
Cabriolet? Do you know?'
`Yeah,' Phoenix answered, then rushed on. `OK. Cacao. Cache. Cachet
`Cachinnation. Cachou ...'
`Do you know?' Electron asked again, slightly irritated. As usual,
Phoenix was claiming to know things he probably didn't.
`Hmm? Uh, yeah,' Phoenix answered weakly. `Cackle. Cacophony ...'
Electron knew that particular Phoenix `yeah'--the one which said `yes'
but meant `no, and I don't want to own up to it either so let's drop
told him. Unless there was some solid proof, Electron figured it was
just hot air. He didn't actually like Phoenix much as a person, and
found talking to him difficult at times. He preferred the company of
his fellow hacker Powerspike.
Powerspike was both bright and creative. Electron clicked with him.
They often joked about the other's bad taste in music. Powerspike
liked heavy metal, and Electron liked indie music. They shared a
healthy disrespect for authority. Not just the authority of places
they hacked into, like the US Naval Research Laboratories or NASA, but
the authority of The Realm. When it came to politics, they both leaned
to the left. However, their interest tended more toward
anarchy--opposing symbols of the military-industrial complex--than to
joining a political party.
After their expulsion from The Realm, Electron had been a little
isolated for a time. The tragedy of his personal life had contributed
to the isolation. At the age of eight, he had seen his mother die of
lung cancer. He hadn't witnessed the worst parts of her dying over two
years, as she had spent some time in a German cancer clinic hoping for
a reprieve. She had, however, come home to die, and Electron had
watched her fade away.
When the phone call from hospital came one night, Electron could tell
what had happened from the serious tones of the adults. He burst into
tears. He could hear his father answering questions on the phone. Yes,
the boy had taken it hard. No, his sister seemed to be OK. Two years
younger than Electron, she was too young to understand.
Electron had never been particularly close to his sister. He viewed
her as an unfeeling, shallow person--someone who simply skimmed along
the surface of life. But after their mother's death, their father
began to favour Electron's sister, perhaps because of her resemblance
to his late wife. This drove a deeper, more subtle wedge between
brother and sister.
Electron's father, a painter who taught art at a local high school,
was profoundly affected by his wife's death. Despite some barriers of
social class and money, theirs had been a marriage of great affection
and love and they made a happy home. Electron's father's paintings
hung on almost every wall in the house, but after his wife's death he
put down his brushes and never took them up again. He didn't talk
about it. Once, Electron asked him why he didn't paint any more. He
looked away and told Electron that he had `lost the motivation'.
Electron's grandmother moved into the home to help her son care for
his two children, but she developed Alzheimer's disease. The children
ended up caring for her. As a teenager, Electron thought it was
maddening caring for someone who couldn't even remember your name.
Eventually, she moved into a nursing home.
In August 1989, Electron's father arrived home from the doctor's
office. He had been mildly ill for some time, but refused to take time
off work to visit a doctor. He was proud of having taken only one
day's sick leave in the last five years. Finally, in the holidays, he
had seen a doctor who had conducted numerous tests. The results had
Electron's father had bowel cancer and the disease had spread. It
could not be cured. He had two years to live at the most.
Electron was nineteen years old at the time, and his early love of the
computer, and particularly the modem, had already turned into a
passion. Several years earlier his father, keen to encourage his
fascination with the new machines, used to bring one of the school's
Apple IIes home over weekends and holidays. Electron spent hours at
the borrowed machine. When he wasn't playing on the computer, he read,
plucking one of his father's spy novels from the over-crowded
bookcases, or his own favourite book, The Lord of The Rings.
Computer programming had, however, captured the imagination of the
young Electron years before he used his first computer. At the age of
eleven he was using books to write simple programs on paper--mostly
games--despite the fact that he had never actually touched a keyboard.
His school may have had a few computers, but its administrators had
little understanding of what to do with them. In year 9, Electron had
met with the school's career counsellor, hoping to learn about career
options working with computers.
`I think maybe I'd like to do a course in computer programming ...'
His voice trailed off, hesitantly.
`Why would you want to do that?' she said. `Can't you think of
anything better than that?'
`Uhm ...' Electron was at a loss. He didn't know what to do. That was
why he had come to her. He cast around for something which seemed a
more mainstream career option but which might also let him work on
computers. `Well, accounting maybe?'
`Oh yes, that's much better,' she said.
`You can probably even get into a university, and study accounting
there. I'm sure you will enjoy it,' she added, smiling as she closed
The borrowed computers were, in Electron's opinion, one of the few
good things about school. He did reasonably well at school, but only
because it didn't take much effort. Teachers consistently told his
father that Electron was underachieving and that he distracted the
other students in class. For the most part, the criticism was just
low-level noise. Occasionally, however, Electron had more serious
run-ins with his teachers. Some thought he was gifted. Others thought
the freckle-faced, Irish-looking boy who helped his friends set fire
to textbooks at the back of the class was nothing but a smart alec.
When he was sixteen, Electron bought his own computer. He used it to
crack software protection, just as Par had done. The Apple was soon
replaced by a more powerful Amiga with a 20 megabyte IBM compatible
sidecar. The computers lived, in succession, on one of the two desks
in his bedroom. The second desk, for his school work, was usually
piled high with untouched assignments.
The most striking aspect of Electron's room was the ream after ream of
dot matrix computer print-out which littered the floor. Standing at
almost any point in the simply furnished room, someone could reach out
and grab at least one pile of print-outs, most of which contained
either usernames and passwords or printed computer program code. In
between the piles of print-outs, were T-shirts, jeans, sneakers and
books on the floor. It was impossible to walk across Electron's room
without stepping on something.
The turning point for Electron was the purchase of a second-hand 300
baud modem in 1986. Overnight, the modem transformed Electron's love
of the computer into an obsession. During the semester immediately
before the modem's arrival, Electron's report card showed six As and
one B. The following semester he earned six Bs and only one A.
Electron had moved onto bigger and better things than school. He
quickly became a regular user of underground BBSes and began hacking.
He was enthralled by an article he discovered describing how several
hackers claimed to have moved a satellite around in space simply by
hacking computers. From that moment on, Electron decided he wanted to
hack--to find out if the article was true.
Before he graduated from school in 1987, Electron had hacked NASA, an
achievement which saw him dancing around the dining room table in the
middle of the night chanting, `I got into NASA! I got into NASA!' He
hadn't moved any satellites, but getting into the space agency was as
thrilling as flying to the moon.
By 1989, he had been hacking regularly for years, much to the chagrin
of his sister, who claimed her social life suffered because the
family's sole phone line was always tied up by the modem.
For Phoenix, Electron was a partner in hacking, and to a lesser degree
a mentor. Electron had a lot to offer, by that time even more than The
is a Caesura?' Phoenix kept ploughing through the Cs.
`Dunno. Kill that,' Electron answered, distracted.
`Caesura. Well, fuck. I know I'd wanna use that as a password.'
Phoenix laughed. `What the hell kind of word is Caduceus?'
`A dead one. Kill all those. Who makes up these dictionaries?'
`Hang on. How come I don't have Calabash in my list?' Phoenix feigned
`Hey,' Phoenix said, `we should put in words like "Qwerty" and
"ABCDEF" and "ASDFGH".'
`Did that already.' Electron had already put together a list of other
common passwords, such as the `words' made when a user typed the six
letters in the first alphabet row on a keyboard.
Phoenix started on the list again. `OK the COs. Commend, Comment,
Commerce, Commercial, Commercialism, Commercially. Kill those last
`Huh? Why kill Commercial?'
`No. That's not a good idea.'
`How come? The computer's only going to read the first eight
characters and encrypt those. So we should kill all the rest.'
Sometimes Phoenix just didn't get it. But Electron didn't rub it in.
He kept it low-key, so as not to bruise Phoenix's ego. Often Electron
sensed Phoenix sought approval from the older hacker, but it was a
subtle, perhaps even unconscious search.
`Nah,' Electron began, `See, someone might use the whole word,
Commerce or Commercial. The first eight letters of these words are not
the same. The eighth character in Commerce is "e", but in Commercial
There was a short silence.
`Yeah,' Electron went on, `but you could kill all the words
like Commercially, and Commercialism, that come after Commercial.
`Yeah. OK. I see,' Phoenix said.
`Hmm. OK. Yeah, all right.' Phoenix seemed a bit out of sorts. `Hey,'
he brightened a bit, `it's been a whole ten minutes since my machine
`Yeah?' Electron tried to sound interested.
`Yeah. You know,' Phoenix changed the subject to his favourite topic,
`what we really need is Deszip. Gotta get that.' Deszip was a computer
program which could be used for password cracking.
`And Zardoz. We need Zardoz,' Electron added. Zardoz was a restricted
electronic publication detailing computer security holes.
`Yeah. Gotta try to get into Spaf's machine. Spaf'll have it for
sure.' Eugene Spafford, Associate Professor of Computer Science at
Purdue University in the US, was one of the best known computer
security experts on the Internet in 1990.
Deszip and Zardoz glittered side by side as the most coveted prizes in
the world of the international Unix hacker.
Cracking passwords took time and computer resources. Even a moderately
powerful university machine would grunt and groan under the weight of
the calculations if it was asked to do. But the Deszip program could
change that, lifting the load until it was, by comparison,
feather-light. It worked at breathtaking speed and a hacker using
Deszip could crack encrypted passwords up to 25 times faster.
Zardoz, a worldwide security mailing list, was also precious, but for
a different reason. Although the mailing list's formal name was
Security Digest, everyone in the underground simply called it Zardoz,
after the computer from which the mailouts originated. Zardoz also
happened to be the name of a science fiction cult film starring Sean
Connery. Run by Neil Gorsuch, the Zardoz mailing list contained
articles, or postings, from various members of the computer security
industry. The postings discussed newly discovered bugs--problems with
a computer system which could be exploited to break into or gain root
access on a machine. The beauty of the bugs outlined in Zardoz was
that they worked on any computer system using the programs or
operating systems it described. Any university, any military system,
any research institute which ran the software documented in Zardoz was
vulnerable. Zardoz was a giant key ring, full of pass keys made to fit
virtually every lock.
True, system administrators who read a particular Zardoz posting might
take steps to close up that security hole. But as the hacking
community knew well, it was a long time between a Zardoz posting and a
shortage of systems with that hole. Often a bug worked on many
computers for months--sometimes years--after being announced on
announced. Zardoz was an exclusive club, and most admins simply
weren't members. You couldn't just walk in off the street and sign up
for Zardoz. You had to be vetted by peers in the computer security
industry. You had to administer a legitimate computer system,
preferably with a large institution such as a university or a research
body such as CSIRO. Figuratively speaking, the established members of
the Zardoz mailing list peered down their noses at you and determined
if you were worthy of inclusion in Club Zardoz. Only they decided if
you were trustworthy enough to share in the great security secrets of
the world's computer systems.
In 1989, the white hats, as hackers called the professional security
gurus, were highly paranoid about Zardoz getting into the wrong hands.
So much so, in fact, that many postings to Zardoz were fine examples
of the art of obliqueness. A computer security expert would hint at a
new bug in his posting without actually coming out and explaining it
in what is commonly referred to as a `cookbook' explanation.
This led to a raging debate within the comp-sec industry. In one
corner, the cookbook purists said that bulletins such as Zardoz were
only going to be helpful if people were frank with each other. They
wanted people posting to Zardoz to provide detailed, step-by-step
explanations on how to exploit a particular security hole. Hackers
would always find out about bugs one way or another and the best way
to keep them out of your system was to secure it properly in the first
place. They wanted full disclosure.
In the other corner, the hard-line, command-and-control computer
security types argued that posting an announcement to Zardoz posed the
gravest of security risks. What if Zardoz fell into the wrong hands?
Why, any sixteen-year-old hacker would have step-by-step directions
showing how to break into thousands of individual computers! If you
had to reveal a security flaw--and the jury was still out in their
minds as to whether that was such a good idea--it should be done only
in the most oblique terms.
What the hard-liners failed to understand was that world-class hackers
like Electron could read the most oblique, carefully crafted Zardoz
postings and, within a matter of days if not hours, work out exactly
how to exploit the security hole hinted at in the text. After which
they could just as easily have written a cookbook version of the
Most good hackers had come across one or two issues of Zardoz in their
travels, often while rummaging though the system administrator's mail
on a prestigious institution's computer. But no-one from the elite of
the Altos underground had a full archive of all the back issues. The
hacker who possessed that would have details of every major security
hole discovered by the world's best computer security minds since at
Like Zardoz, Deszip was well guarded. It was written by computer
security expert Dr Matthew Bishop, who worked at NASA's Research
Institute for Advanced Computer Science before taking up a teaching
position at Dartmouth, an Ivy League college in New Hampshire. The
United States government deemed Deszip's very fast encryption
algorithms to be so important, they were classified as armaments. It
was illegal to export them from the US.
Of course, few hackers in 1990 had the sophistication to use weapons
such as Zardoz and Deszip properly. Indeed, few even knew they
existed. But Electron and Phoenix knew, along with a tiny handful of
others, including Pad and Gandalf from Britain. Congregating on Altos
in Germany, they worked with a select group of others carefully
targeting sites likely to contain parts of their holy grail. They were
methodical and highly strategic, piecing information together with
exquisite, almost forensic, skill. While the common rabble of other
hackers were thumping their heads against walls in brute-force attacks
on random machines, these hackers spent their time hunting for
strategic pressure points--the Achilles' heels of the computer
They had developed an informal hit list of machines, most of which