Suelette Dreyfus, Julian Assange: Underground




belonged to high-level computer security gurus. Finding one or two

early issues of Zardoz, Electron had combed through their postings

looking not just on the surface--for the security bugs--but also

paying careful attention to the names and addresses of the people

writing articles. Authors who appeared frequently in Zardoz, or had

something intelligent to say, went on the hit list. It was those

people who were most likely to keep copies of Deszip or an archive of

Zardoz on their machines.

Electron had searched across the world for information about Deszip

and DES (Data Encryption Standard), the original encryption program

later used in Deszip. He hunted through computers at the University of

New York, the US Naval Research Laboratories in Washington DC,

Helsinki University of Technology, Rutgers University in New Jersey,

Melbourne University and Tampere University in Finland, but the search

bore little fruit. He found a copy of CDES, a public domain encryption

program which used the DES algorithm, but not Deszip. CDES could be

used to encrypt files but not to crack passwords.

The two Australian hackers had, however, enjoyed a small taste of

Deszip. In 1989 they had broken into a computer at Dartmouth College

called Bear. They discovered Deszip carefully tucked away in a corner

of Bear and had spirited a copy of the program away to a safer machine

at another institution.

It turned out to be a hollow victory. That copy of Deszip had been

encrypted with Crypt, a program based on the German Enigma machine

used in World War II. Without the passphrase--the key to unlock the

encryption--it was impossible to read Deszip. All they could do was

stare, frustrated, at the file name Deszip labelling a treasure just

out of reach.

Undaunted, the hackers decided to keep the encrypted file just in case

they ever came across the passphrase somewhere--in an email letter,

for example--in one of the dozens of new computers they now hacked

regularly. Relabelling the encrypted Deszip file with a more innocuous

name, they stored the copy in a dark corner of another machine.

Thinking it wise to buy a little insurance as well, they gave a second

copy of the encrypted Deszip to Gandalf, who stored it on a machine in

the UK in case the Australians' copy disappeared unexpectedly.


[ ]

In January 1990, Electron turned his attention to getting Zardoz.

After carefully reviewing an old copy of Zardoz, he had discovered a

system admin in Melbourne on the list. The subscriber could well have

the entire Zardoz archive on his machine, and that machine was so

close--less than half an hour's drive from Electron's home. All

Electron had to do was to break into the CSIRO.

The Commonwealth Scientific and Industrial Research Organisation, or

CSIRO, is a government owned and operated research body with many

offices around Australia. Electron only wanted to get into one: the

Division of Information Technology at 55 Barry Street, Carlton, just

around the corner from the University of Melbourne.

Rummaging through a Melbourne University computer, Electron had

already found one copy of the Zardoz archive, belonging to a system

admin. He gathered it up and quietly began downloading it to his

computer, but as his machine slowly siphoned off the Zardoz copy, his

link to the university abruptly went dead. The admin had discovered

the hacker and quickly killed the connection. All of which left

Electron back at square one--until he found another copy of Zardoz on

the CSIRO machine.

It was nearly 3 a.m. on 1 February 1990, but Electron wasn't tired.

His head was buzzing. He had just successfully penetrated an account

called Worsley on the CSIRO computer called

DITMELA, using the sendmail bug. Electron assumed

DITMELA stood for Division of Information Technology, Melbourne,

computer `A'.

Electron began sifting through Andrew Worsley's directories that day.

He knew Zardoz was in there somewhere, since he had seen it before.

After probing the computer, experimenting with different security

holes hoping one would let him inside, Electron managed to slip in

unnoticed. It was mid-afternoon, a bad time to hack a computer since

someone at work would likely spot the intruder before long. So

Electron told himself this was just a reconnaissance mission. Find out

if Zardoz was on the machine, then get out of there fast and come back

later--preferably in the middle of the night--to pull Zardoz out.

When he found a complete collection of Zardoz in Worsley's directory,

Electron was tempted to try a grab and run. The problem was that, with

his slow modem, he couldn't run very quickly. Downloading Zardoz would

take several hours. Quashing his overwhelming desire to reach out and

grab Zardoz then and there, he slipped out of the machine noiselessly.

Early next morning, an excited and impatient Electron crept back into

DITMELA and headed straight for Worsley's directory. Zardoz was still

there. And a sweet irony. Electron was using a security bug he had

found on an early issue of Zardoz to break into the computer which

would surrender the entire archive to him.

Getting Zardoz out of the CSIRO machine was going to be a little

difficult. It was a big archive and at 300 baud--30 characters per

second--Electron's modem would take five hours to siphon off an entire

copy. Using the CAT command, Electron made copies of all the Zardoz

issues and bundled them up into one 500 k file. He called the new file

.t and stored it in the temporary directory on DITMELA.

Then he considered what to do next. He would mail the Zardoz bundle to

another account outside the CSIRO computer, for safe-keeping. But

after that he had to make a choice: try to download the thing himself

or hang up, call Phoenix and ask him to download it.

Using his 2400 baud modem, Phoenix would be able to download the

Zardoz bundle eight times faster than Electron could. On the other

hand, Electron didn't particularly want to give Phoenix access to the

CSIRO machine. They had both been targeting the machine, but he hadn't

told Phoenix that he had actually managed to get in. It wasn't that he

planned on withholding Zardoz when he got it. Quite the contrary,

Electron wanted Phoenix to read the security file so they could bounce

ideas off each other. When it came to accounts, however, Phoenix had a

way of messing things up. He talked too much. He was simply not

discreet.

While Electron considered his decision, his fingers kept working at

the keyboard. He typed quickly, mailing copies of the Zardoz bundle to

two hacked student accounts at Melbourne University. With the

passwords to both accounts, he could get in whenever he wanted and he

wasn't taking any chances with this precious cargo. Two accounts were

safer than one--a main account and a back-up in case someone changed

the password on the first one.

Then, as the DITMELA machine was still in the process of mailing the

Zardoz bundle off to the back-up sites, Electron's connection suddenly

died.

The CSIRO machine had hung up on him, which probably meant one thing.

The admin had logged him off. Electron was furious. What the hell was

a system administrator doing on a computer at this hour? The admin was

supposed to be asleep! That's why Electron logged on when he did. He

had seen Zardoz on the CSIRO machine the day before but he had been so

patient refusing to touch it because the risk of discovery was too

great. And now this.

The only hope was to call Phoenix and get him to login to the

Melbourne Uni accounts to see if the mail had arrived safely. If so,

he could download it with his faster modem before the CSIRO admin had

time to warn the Melbourne Uni admin, who would change the passwords.

Electron got on the phone to Phoenix. They had long since stopped

caring about what time of day they rang each other. 10 p.m. 2 a.m.

4.15 a.m. 6.45 a.m.

`Yeah.' Electron greeted Phoenix in the usual way.

`Yup,' Phoenix responded.

Electron told Phoenix what happened and gave him the two accounts at

Melbourne University where he had mailed the Zardoz bundle.

Phoenix hung up and rang back a few minutes later. Both accounts were

dead. Someone from Melbourne University had gone in and changed the

passwords within 30 minutes of Electron being booted off the CSIRO

computer. Both hackers were disturbed by the implications of this

event. It meant someone--in fact probably several people--were onto

them. But their desperation to get Zardoz overcame their fear.

Electron had one more account on the CSIRO computer. He didn't want to

give it to Phoenix, but he didn't have a choice. Still, the whole

venture was filled with uncertainty. Who knew if the Zardoz bundle was

still there? Surely an admin who bothered to kick Electron out would

move Zardoz to somewhere inaccessible. There was, however, a single

chance.

When Electron read off the password and username, he told Phoenix to

copy the Zardoz bundle to a few other machines on the Internet instead

of trying to download it to his own computer. It would be much

quicker, and the CSIRO admin wouldn't dare break into someone else's

computers to delete the copied file. Choosing overseas sites would

make it even harder for the admin to reach the admins of those

machines and warn them in time. Then, once Zardoz was safely tucked

away in a few back-up sites, Phoenix could download it over the

Internet from one of those with less risk of being booted off the

machine halfway through the process.

Sitting at his home in Kelvin Grove, Thornbury, just two suburbs north

of the CSIRO machine, Ian Mathieson watched the hacker break into his

computer again. Awoken by a phone call at 2.30 a.m. telling him there

was a suspected hacker in his computer, Mathieson immediately logged

in to his work system, DITMELA, via his home computer and modem. The

call, from David Hornsby of the Melbourne University Computer Science

Department, was no false alarm.

After watching the unknown hacker, who had logged in through a

Melbourne University machine terminal server, for about twenty

minutes, Mathieson booted the hacker off his system. Afterwards he

noticed that the DITMELA computer was still trying to execute a

command issued by the hacker. He looked a little closer, and

discovered DITMELA was trying to deliver mail to two Melbourne

University accounts.

The mail, however, hadn't been completely delivered. It was still

sitting in the mail spool, a temporary holding pen for undelivered

mail. Curious as to what the hacker would want so much from his

system, Mathieson moved the file into a subdirectory to look at it. He

was horrified to find the entire Zardoz archive, and he knew exactly

what it meant. These were no ordinary hackers--they were precision

fliers. Fortunately, Mathieson

consoled himself, he had stopped the mail before it had been sent out

and secured it.

Unfortunately, however, Mathieson had missed Electron's original

file--the bundle of Zardoz copies. When Electron had mailed the file,

he had copied it, leaving the original intact. They were still sitting

on DITMELA under the unassuming name .t. Mailing a file didn't delete

it--the computer only sent a copy of the original. Mathieson was an

intelligent man, a medical doctor with a master's degree in computer

science, but he had forgotten to check the temporary directory, one of

the few places a hacker could store files on a Unix system if he

didn't have root privileges.

At exactly 3.30 a.m. Phoenix logged into DITMELA from the University

of Texas. He quickly looked in the temporary directory. The .t file

was there, just as Electron had said it would be. The hacker quickly

began transferring it back to the University of Texas.

He was feeling good. It looked like the Australians were going to get

the entire Zardoz collection after all. Everything was going extremely

well--until the transfer suddenly died. Phoenix had forgotten to check

that there was enough disk space available on the University of Texas

account to download the sizeable Zardoz bundle. Now, as he was logged

into a very hot machine, a machine where the admin could well be

watching his every move, he discovered there wasn't enough room for

the Zardoz file.

Aware that every second spent on-line to DITMELA posed a serious risk,

Phoenix logged off the CSIRO machine immediately. Still connected to

the Texas computer, he fiddled around with it, deleting other files

and making enough room to pull the whole 500 k Zardoz file across.

At 3.37 a.m. Phoenix entered DITMELA again. This time, he vowed,

nothing would go wrong. He started up the file transfer and waited.

Less than ten minutes later, he logged off the CSIRO computer and

nervously checked the University of Texas system. It was there.

Zardoz, in all its glory. And it was his! Phoenix was ecstatic.

He wasn't done yet and there was no time for complacency. Swiftly, he

began compressing and encrypting Zardoz. He

compressed it because a smaller file was less obvious on the Texas

machine and was faster to send to a back-up machine. He encrypted it

so no-one nosing around the file would be able to see what was in it.

He wasn't just worried about system admins; the Texas system was

riddled with hackers, in part because it was home to his friend,

Legion of Doom hacker Erik Bloodaxe, a

student at the university.

After Phoenix was satisfied Zardoz was safe, he rang Electron just

before 4 a.m. with the good news. By 8.15, Phoenix had downloaded

Zardoz from the Texas computer onto his own machine. By 1.15 p.m.,

Electron had downloaded it from Phoenix's machine to his own.
[ ]

Zardoz had been a difficult conquest, but Deszip would prove to be

even more so. While dozens of security experts possessed complete

Zardoz archives, far fewer people had Deszip. And, at least

officially, all of them were in the US.

The US government banned the export of cryptography algorithms. To

send a copy of Deszip, or DES or indeed any other encryption program

outside the US was a crime. It was illegal because the US State

Department's Office of Defense Trade Controls considered any

encryption program to be a weapon. ITAR, the International Traffic in

Arms Regulations stemming from the US Arms Export Control Act 1977,

restricted publication of and trade in `defense articles'. It didn't

matter whether you flew to Europe with a disk in your pocket, or you

sent the material over the Internet. If you violated ITAR, you faced

the prospect of prison.

Occasionally, American computer programmers discreetly slipped copies

of encryption programs to specialists in their field outside the US.

Once the program was outside the US, it was fair game--there was

nothing US authorities could do about someone in Norway sending Deszip

to a colleague in Australia. But even so, the comp-sec and

cryptography communities outside the US still held programs such as

Deszip very tightly within their own inner sanctums.

All of which meant that Electron and Phoenix would almost certainly

have to target a site in the US. Electron continued to compile a hit

list, based on the Zardoz mailing list, which he gave to Phoenix. The

two hackers then began searching the growing Internet for computers

belonging to the targets.

It was an impressive hit list. Matthew Bishop, author of Deszip.

Russell Brand, of the Lawrence Livermore National Labs, a research

laboratory funded by the US Department of Energy. Dan Farmer, an

author of the computer program COPS, a popular security-testing

program which included a password cracking program. There were others.

And, at the top of the list, Eugene Spafford, or Spaf, as the hackers

called him.

By 1990, the computer underground viewed Spaf not just as security

guru, but also as an anti-hacker zealot. Spaf was based at Purdue

University, a hotbed of computer security experts. Bishop had earned

his PhD at Purdue and Dan Farmer was still there. Spaf was also one of

the founders of Usenet, the Internet newsgroups service. While working

as a computer scientist at the university, he had made a name for

himself by, among other things, writing a technical analysis of the

RTM worm. The worm, authored by Cornell University student Robert T.

Morris Jr in 1988, proved to be a boon for Spaf's career.

Prior to the RTM worm, Spaf had been working in software engineering.

After the worm, he became a computer ethicist and a very public

spokesman for the conservatives in the computer security industry.

Spaf went on tour across the US, lecturing the public and the media on

worms, viruses and the ethics of hacking. During the Morris case,

hacking became a hot topic in the United States, and Spaf fed the

flames. When Judge Howard G. Munson refused to sentence Morris to

prison, instead ordering him to complete 400 hours community service,

pay a $10000 fine and submit to three years probation, Spaf publicly

railed against the decision. The media reported that he had called on

the computer industry to boycott any company which chose to employ

Robert T. Morris Jr.

Targeting Spaf therefore served a dual purpose for the Australian

hackers. He was undoubtedly a repository of treasures such as Deszip,

and he was also a tall poppy.

One night, Electron and Phoenix decided to break into Spaf's machine

at Purdue to steal a copy of Deszip. Phoenix would do the actual

hacking, since he had the fast modem, but he would talk to Electron

simultaneously on the other phone line. Electron would guide him at

each step. That way, when Phoenix hit a snag, he wouldn't have to

retreat to regroup and risk discovery.

Both hackers had managed to break into another computer at Purdue,

called Medusa. But Spaf had a separate machine, Uther, which was

connected to Medusa.

Phoenix poked and prodded at Uther, trying to open a hole wide enough

for him to crawl through. At Electron's suggestion, he tried to use

the CHFN bug. The CHFN command lets users change the information

provided--such as their name, work address or office phone

number--when someone `fingers' their accounts. The bug had appeared in

one of the Zardoz files and Phoenix and Electron had already used it

to break into several other machines.

Electron wanted to use the CHFN bug because, if the attack was

successful, Phoenix would be able to make a root account for himself

on Spaf's machine. That would be the ultimate slap in the face to a

high-profile computer security guru.

But things weren't going well for Phoenix. The frustrated Australian

hacker kept telling Electron that the bug should work, but it

wouldn't, and he couldn't figure out why. The problem, Electron

finally concluded, was that Spaf's machine was a Sequent. The CHFN bug

depended on a particular Unix password file structure, but Sequents

used a different structure. It didn't help that Phoenix didn't know

that much about Sequents--they were one of Gandalf's specialties.

After a few exasperating hours struggling to make the CHFN bug work,

Phoenix gave up and turned to another security flaw suggested by

Electron: the FTP bug. Phoenix ran through the bug in his mind.

Normally, someone used FTP, or file transfer protocol, to transfer

files over a network, such as the Internet, from one computer to

another. FTPing to another machine was a bit like telnetting, but an

anonymous FTP login needed no real password, and the commands a user

could execute once in the other computer were usually very limited.

If it worked, the FTP bug would allow Phoenix to slip in an extra

command during the FTP login process. That command would force Spaf's

machine to allow Phoenix to login as anyone he wanted--and what he

wanted was to login as someone who had root privileges. The `root'

account might be a little obvious

if anyone was watching, and it didn't always have remote

access anyway. So he chose `daemon', another commonly root-privileged

account, instead.

It was a shot in the dark. Phoenix was fairly sure Spaf would have

secured his machine against such an obvious attack, but Electron urged

him to give it a try anyway. The FTP bug had been announced throughout

the computer security community long ago, appearing in an early issue

of Zardoz. Phoenix hesitated, but he had run out of ideas, and time.

Phoenix typed:

FTP -i uther.purdue.edu

quote user anonymous

quote cd ~daemon

quote pass anything

The few seconds it took for his commands to course from his suburban

home in Melbourne and race deep into the Midwest felt like a lifetime.

He wanted Spaf's machine, wanted Deszip, and wanted this attack to

work. If he could just get Deszip, he felt the Australians would be

unstoppable.

Spaf's machine opened its door as politely as a doorman at the Ritz

Carlton. Phoenix smiled at his computer. He was in.
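The login sequence Phoenix typed, modelled as an added example that is not code from the book, from Berkeley ftpd, or from any Purdue machine: a toy FTP server in Python whose USER, CWD and PASS handlers behave the way the bug is usually described (the "~name" expansion in CWD went through the same password record that PASS later setuid()'d to, and CWD was honoured before the login had completed), beside a hardened version that rejects commands before login and re-derives the record from the login name. The password table, uids and reply strings are constructed for the example; in it daemon is uid 1, as on most Unix systems, and the same sequence with `~root` yields uid 0.

```python
"""Toy model of the old BSD ftpd login bug behind
   USER anonymous / CWD ~daemon / PASS anything.
   Added illustration for this page: not code from the book, from
   Berkeley ftpd or from any real server. Accounts are constructed."""

from dataclasses import dataclass
from typing import Optional

# Constructed password database for the simulation (not a real machine).
PASSWD = {
    "root":   {"uid": 0,  "home": "/",        "pw": "topsecret"},
    "daemon": {"uid": 1,  "home": "/",        "pw": "*"},
    "ftp":    {"uid": 99, "home": "/usr/ftp", "pw": "*"},   # anonymous ftp
}

def getpwnam(name: str) -> Optional[dict]:
    return PASSWD.get(name)

@dataclass
class Session:
    login_name: Optional[str] = None   # what USER asked for
    pw: Optional[dict] = None          # the (shared) password record
    cwd: str = "/"
    uid: Optional[int] = None          # effective uid once logged in

class VulnerableFtpd:
    """USER/CWD/PASS handlers as the bug is usually described."""
    def __init__(self) -> None:
        self.s = Session()

    def USER(self, name: str) -> str:
        self.s.login_name = "ftp" if name == "anonymous" else name
        self.s.pw = getpwnam(self.s.login_name)
        return "331 Password required for %s." % name

    def CWD(self, path: str) -> str:
        # Two defects at once: CWD is honoured before PASS, and "~name"
        # expansion writes into the record that PASS will setuid() to.
        if path.startswith("~"):
            entry = getpwnam(path[1:].split("/", 1)[0])
            if entry is None:
                return "550 No such user."
            self.s.pw = entry                 # clobbers the pending login
            self.s.cwd = entry["home"]
        else:
            self.s.cwd = path
        return "250 CWD command successful."

    def PASS(self, password: str) -> str:
        if self.s.pw is None:
            return "530 Login incorrect."
        if self.s.login_name != "ftp" and self.s.pw["pw"] != password:
            return "530 Login incorrect."     # anonymous skips this check
        self.s.uid = self.s.pw["uid"]         # setuid(pw->pw_uid)
        return "230 User logged in."

class HardenedFtpd(VulnerableFtpd):
    """Same protocol, two fixes: nothing but USER/PASS is accepted until
    login completes, and PASS never trusts a record it did not look up."""
    def CWD(self, path: str) -> str:
        if self.s.uid is None:
            return "530 Please login with USER and PASS."
        return super().CWD(path)

    def PASS(self, password: str) -> str:
        self.s.pw = getpwnam(self.s.login_name)   # re-derive, do not reuse
        return super().PASS(password)

def run(server_cls, script):
    """Feed (command, argument) pairs to a fresh server; return (uid, replies)."""
    srv = server_cls()
    replies = [getattr(srv, cmd)(arg) for cmd, arg in script]
    return srv.s.uid, replies

# The sequence from the text, as protocol commands.
EXPLOIT = [("USER", "anonymous"), ("CWD", "~daemon"), ("PASS", "anything")]

if __name__ == "__main__":
    for cls in (VulnerableFtpd, HardenedFtpd):
        uid, replies = run(cls, EXPLOIT)
        print("%s -> uid %s" % (cls.__name__, uid))
        for reply in replies:
            print("    " + reply)
```

Against `VulnerableFtpd` the three commands end with uid 1 (daemon); against `HardenedFtpd` the CWD is refused with a 530 and the anonymous login lands, as it should, on the ftp account. The second fix matters on its own: even if a later command path were again allowed to touch the shared record, PASS re-reading the entry for the name given to USER means the uid that ends up in setuid() is always the one the password was checked against.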

It was like being in Aladdin's cave. Phoenix just sat there, stunned

at the bounty which lay before him. It was his, all his. Spaf had

megabytes of security files in his directories. Source code for the

RTM Internet worm. Source code for the WANK worm. Everything. Phoenix

wanted to plunge his hands in each treasure chest and scoop out greedy

handfuls, but he resisted the urge. He had a more important--a more

strategic--mission to accomplish first.

He prowled through the directories, hunting everywhere for Deszip.

Like a burglar scouring the house for the family silver, he pawed

through directory after directory. Surely, Spaf had to have Deszip. If

anyone besides Matthew Bishop was going to have a copy, he would. And

finally, there it was. Deszip. Just waiting for Phoenix.

Then Phoenix noticed something else. Another file. Curiosity got the

better of him and he zoomed in to have a quick look. This one

contained a passphrase--the passphrase. The phrase the Australians

needed to decrypt the original copy of Deszip they had stolen from the

Bear computer at Dartmouth three months earlier. Phoenix couldn't

believe the passphrase. It was so simple, so obvious. But he caught

