else on-line. If caught, the law, as interpreted by the AFP and the
DPP, says he faces up to ten years in prison. The reason? He has
inserted or deleted data.
Although the spy hacker might also face other charges--such as
treason--this exercise illustrates some of the problems with the
current computer crime legislation.
The letter of the law says that our look-see hacker might face a
prison term five times greater than the bank fraud criminal or the
military spy, and twenty times greater than the anti-Liberal Party
subversive, if he inserts or deletes any data. The law, as interpreted
by the AFP, says that the look-see hacking described above should have
the same maximum ten-year prison penalty as judicial corruption. It's
a weird mental image--the corrupt judge and the look-see hacker
sharing a prison cell.
Although the law-makers may not have fully understood the
technological aspects of hacking when they introduced the computer
crimes legislation, their intent seems clear. They were trying to
differentiate between a malicious hacker and a look-see hacker, but
they could have worded it better.
As it's worded, the legislation puts malicious, destructive hacking on
a par with look-see hacking by saying that anyone who destroys,
erases, alters or inserts data via a carrier faces a prison term,
regardless of the person's intent. There is no gradation in the law
between mere deletion of data and `aggravated deletion'--the maximum
penalty is ten years for both. The AFP has taken advantage of this
lack of distinction, and the result has been a steady stream of
look-see hackers being charged with the most serious computer crime
Parliament makes the laws. Government institutions such as the AFP,
the DPP and the courts interpret and apply those laws. The AFP and to
some extent the DPP have applied the strict letter of the law
correctly in most of the hacking cases described in this book. They
have, however, missed the intention of the law. Change the law and
they may behave differently. Make look-see hacking a minor offence and
the institutions will stop going after the soft targets and hopefully
spend more time on the real criminals.
I have seen some of these hackers up close, studied them for two years
and learned a bit about what makes them tick. In many ways, they are
quintessentially Australian, always questioning authority and
rebelling against `the establishment'. They're smart--in some cases
very smart. A few might even be classified as technical geniuses.
They're mischievous, but also very enterprising. They're rebels,
public nuisances and dreamers.
Most of all, they know how to think outside the box.
This is not a flaw. Often, it is a very valuable trait--and one which
pushes society forward into new frontiers. The question shouldn't be
whether we want to crush it but how we should steer it in a different
If you would like to comment on this book, please write to
email@example.com. All comments are passed onto
Dreyfus & Assange.
Underground -- Glossary and Abbreviations
AARNET Australian Academic Research Network
ACARB Australian Computer Abuse Research Bureau, once called CITCARB
AFP Australian Federal Police
Altos West German chat system and hacker hang-out, connected to X.25
network and run by Altos Computer Systems, Hamburg
ANU Australian National University
ASIO Australian Security Intelligence Organisation
Backdoor A program or modification providing secret access to a
computer system, installed by a hacker to bypass normal security. Also
used as a verb
BBS Bulletin Board System
BNL Brookhaven National Laboratory (US)
BRL Ballistics Research Laboratory (US)
BT British Telecom
CCITT Committee Consultatif Internationale Telegraph et Telephonie:
Swiss telecommunications standards body (now defunct; see ITU)
CCS Computer Crime Squad
CCU Computer Crimes Unit (Australian Federal Police)
CERT Computer Emergency Response Team
CIAC Computer Incident Advisory Capability: DOE's computer security
CITCARB Chisholm Institute of Technology Computer Abuse Research
COBE Cosmic Background Explorer project: a NASA research project
DARPA Defense Advanced Research Projects Agency (US)
DCL Digital Command Language, a computer programming language used on
DDN Defense Data Network
DEC Digital Equipment Corporation
DECNET A network protocol used to convey information between
(primarily) VAX/VMS machines
DEFCON (a) Defense Readiness Conditions, a system of progressive alert
postures in the US; (b) the name of Force's computer program which
automatically mapped out computer networks and scanned for accounts
DES Data Encryption Standard, an encryption algorithm developed by
IBM, NSA and NIST
Deszip Fast DES Unix password-cracking system developed by Matthew
DMS-100 Computerised telephone switch (exchange) made by NorTel
DOD Department of Defense (US)
DOE Department of Energy (US)
DPP Director of Public Prosecutions
DST Direction de la Surveillance du Territoire-- French secret service
EASYNET Digital Equipment Corporation's internal communication network
GTN Global Telecommunications Network: Citibank's international data
HEPNET High Energy Physics Network: DECNET-based network, primarily
IID Internal Investigations Division. Both the Victoria Police and the
AFP have an IID
IP Internet Protocol (RFC791): a data communications protocol, used to
transmit packets of data between computers on the Internet
IS International Subversive (electronic magazine)
ISU Internal Security Unit: anti-corruption unit of the Victoria
telecommunications standards body
JANET Joint Academic Network (UK), a network of computers
JPL Jet Propulsion Laboratory--a California-based NASA research centre
affiliated with CalTech
LLNL Lawrence Livermore National Laboratory (US)
LOD Legion of Doom
Lutzifer West German computer, connected to the X.25 network, which
had a chat facility
MFC Multi Frequency Code (Group III): inter-exchange
telecommunications system used by Telstra (Telecom)
MILNET Military Network: TCP/IP unclassified US DOD computer network
MOD Masters of Deception (or Destruction)
Modem Modulator De-modulator: a device used to transmit computer data
over a regular telephone line
NCA National Crime Authority
Netlink A Primos/Dialcom command used to initiate a connection over an
NIST National Institute of Standards (US)
NIC Network Information Center (US), run by DOD: a computer which
assigned domain names for the Internet.
NRL Naval Research Laboratory (US)
NSA National Security Agency (US)
NUA Network User Address: the `telephone' number of a computer on an
NUI Network User Identifier (or Identification): combined
username/password used on X.25 networks for billing purposes
NorTel Northern Telecom, Canadian manufacturer of telecommunications
PABX Private Automatic Branch Exchange
PAD Packet Assembler Disassembler--ASCII gateway to X.25 networks
PAR `PAR?'--command on PAD to display PAD
RMIT Royal Melbourne Institute of Technology
RTG Radioisotope Thermoelectric Generator, space probe Galileo's
plutonium-based power system
RTM Robert Tappan Morris (Jr), the Cornell University student who
wrote the Internet worm, also known as the RTM worm
Scanner A program which scans and compiles information, such as a list
primarily controlled by NASA
Sprint US telecommunications company, an X.25 network provider
Sprinter Word used by some Australian and English hackers to denote
scanner. Derived from scanning attacks on Sprint communications
Sprintnet X.25 network controlled by Sprint communications
Sun Sun Microsystems--a major producer of Unix workstations
TCP Transmission Control Protocol (RFC793): a standard for data
connection between two computers on the Internet
TELENET An X.25 network, DNIC 3110
Telnet A method of connection between two computers on the Internet or
other TCP/IP networks
Trojan A program installed by hackers to secretly gather information,
such as passwords. Can also be a backdoor
Tymnet An X.25 network controlled by MCI, DNIC 3106
Unix Multi-user computer operating system developed by AT&T and
VAX Virtual Address Extension: series of mini/mainframe computer
systems produced by DEC
VMS Virtual Memory System: computer operating system produced by DEC
and used on its VAX machines
WANK Worms Against Nuclear Killers: the title of DECNET/VMS-based worm
released into SPAN/DEC/HEPNET in 1989
X.25 International data communications network, using the X.25
communications protocol. Network is run primarily by major
telecommunications companies. Based on CCITT standard # X.25
Zardoz A restricted computer security mailing list
1. Words And Music by Rob Hirst/Martin Rotsey/James Moginie/Peter
Garrett/Peter Gifford. (c) Copyright 1982 Sprint Music. Administered
for the World--Warner/ Chappell Music Australia Pty Ltd. Used By
2. I have relied on numerous wire service reports, particularly those
of UPI Science Reporter William Harwood, for many of my descriptions
of Galileo and the launch.
3. William Harwood, `NASA Awaits Court Ruling on Shuttle Launch
Plans', UPI, 10 October 1989.
4. William Harwood, `Atlantis "Go" for Tuesday Launch', UPI, 16
6. From NASA's World Wide Web site.
7. Thomas A. Longstaff and E. Eugene Schulz, `Analysis of the WANK and
OILZ Worms', Computer and Security, vol. 12, no. 1, February 1993, p.
8. Katie Haffner and John Markoff, Cyberpunk, Corgi, London 1994, p.
9. The Age, 22 April 1996, reprinted from The New York Times.
10. DEC, Annual Report, 1989, listed in `SEC Online'.
11. GEMTOP was corrected to GEMPAK in a later advisory by CIAC.
12. `Officially' was spelled incorrectly in the original banner.
13. This advisory is printed with the permission of CIAC and Kevin
Oberman. CIAC requires the publication of the following disclaimer:
This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government, nor the University of California, nor any of their
employees makes any warranty, express or implied, or assumes any legal
liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favouring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.
14. Michael Alexander and Maryfran Johnson, `Worm Eats Holes in NASA's
Decnet', Computer World, 23 October 1989, p. 4.
16. William Harwood, `Shuttle Launch Rained Out', UPI, 17 October
17. Vincent Del Guidice, `Atlantis Set for Another Launch Try', UPI,
18. William Harwood, `Astronauts Fire Galileo on Flight to Jupiter',
UPI, 18 October 1989.
1. Words And Music by Rob Hirst/James Moginie. (c) Copyright 1985
Sprint Music. Administered for the World--Warner/Chappell Music
Australia Pty Ltd. Used By Permission.
2. FIRST was initially called CERT System. It was an international
version of CERT, the Computer Emergency Response Team, funded by the
US Department of Defense and run out of Carnegie Mellon University.
3. OTC was later merged with Telecom to become Telstra.
4. Stuart Gill is described in some detail in Operation Iceberg;
Investigation of Leaked Confidential Police Information and Related
Matters, Ordered to be printed by the Legislative Assembly of
Victoria, October 1993.
1. Words And Music by Peter Garrett/James Moginie.
(c) Copyright 1982 Sprint Music. Administered for the
World--Warner/Chappell Music Australia Pty Ltd. Used By Permission.
1. Words And Music by Peter Garrett/James Moginie/Martin Rotsey. (c)
Copyright 1980 Sprint Music. Administered for the
1. Words And Music by Rob Hirst/James Moginie. (c) Copyright 1989
Sprint Music. Administered for the World--Warner/ Chappell Music
2. The full text of the articles, used by permission News Ltd and
Helen Meredith, is:
3. From Operation Iceberg; Investigations and Recommendations into
Allegations of Leaked Confidential Police Information, included as
Appendix 1 in the report of the Deputy Ombudsman, Operation Iceberg;
5. Michael Alexander, `International Hacker "Dave" Arrested', Computer
World, 9 April 1990, p. 8.
6. Matthew May, `Hacker Tip-Off', The Times, 5 April 1990; Lou
Dolinar, `Australia Arrests Three in Computer Break-Ins', Newsday, 3
1. Words And Music by Rob Hirst/James Moginie/Peter Garrett. (c)
Copyright 1978 Sprint Music. Administered for the
World--Warner/Chappell Music Australia Pty Ltd. Used By Permission.
1. Words And Music by Peter Garrett/James Moginie/Rob Hirst. (c)
Copyright 1988 Sprint Music. Administered for the
2. Rupert Battcock, `The Computer Misuse Act Five years on--the Record
since 1990', paper, Strathclyde University, Glasgow, UK.
3. For the British material in this chapter, I have relied on personal
interviews, media reports (particularly for the Wandii case), journal
articles, academic papers and commission reports.
4. Colin Randall, `Teenage Computer Hacker "Caused Worldwide Chaos"',
Daily Telegraph, 23 February 1993.
5. The local phone company agreed to reduce the bill to
[sterling]3000, EORTIC information systems manager Vincent Piedboeuf
told the court.
6. Susan Watts, `Trial Haunted by Images of Life in the Twilight
Zone', The Independent, 18 March 1993.
7. Toby Wolpe, `Hacker Worked on Barclay's Software', Computer Weekly,
4 March 1993.
8. David Millward, `Computer Hackers Will be Pursued, Vow Police',
Daily Telegraph, 19 March 1993.
9. Chester Stern, `Hackers' Threat to Gulf War Triumph', Mail on
Sunday, 21 March 1993.
10. `Crimes of the Intellect--Computer Hacking', editorial, The Times,
20 March 1993.
11. `Owners Must Act to Put End to Computer Hacker "Insanity"', South
China Morning Post, 30 March 1993.
12. Nick Nuttall, `Hackers Stay Silent on Court Acquittal', The Times,
19 March 1993.
13. Melvyn Howe, Press Association Newsfile, Home News section, 21 May
1. Words And Music by James Moginie/Peter Garrett. (c) Copyright 1982
Sprint Music. Administered for the World--Warner/Chappell Music
Australia Pty Ltd. Used By Permission.
2. This is an edited version.
1. Words And Music by Rob Hirst. (c) Copyright 1993 Sprint Music.
Administered for the World--Warner/Chappell Music Australia Pty Ltd.
Used By Permission.
1. Words And Music by Rob Hirst/James Moginie/Martin Rotsey/Andrew
James. (c) Copyright 1978 Sprint Music. Administered for the
World--Warner/Chappell Music Australia Pty Ltd and Andrew James. Used
1. Words And Music by James Moginie (lyrics adapted from the book The
Great Prawn War And Other Stories by Dennis Kevans). (c) Copyright
1984 Sprint Music. Administered for the World--Warner/Chappell Music
1. Victorian Ombudsman, Operation Iceberg; Investigation of Leaked
Confidential Police Information and Related Matters.
2. The police report was printed as an appendix in the Ombudsman's
report. See Chapter 5, note 1, above.
3. Australian Federal Police, Annual Report, 1995-1996, p. 7.
Australian Federal Police (AFP), Annual Report 1995-1996, Canberra,
----, Annual Report 1993-1994, Canberra, 1994.
Bourne, Philip E., `Internet security; System Security', DEC
Professional, vol. 11, June 1992.
Cerf, Vinton G., `Networks', Scientific American, vol. 265, September
Crime (The Gibbs Report), Canberra, 1988.
Commonwealth Director of Public Prosecutions (DDP), Annual Report
1993-1994, Canberra, 1994.
Commonwealth Scientific and Industrial Research Organisation (CSIRO),
Annual Report 1994-1995, Canberra, 1995.
Davis, Andrew W., `DEC Pathworks the mainstay in Mac-to-VAX
connectivity', MacWeek, vol. 6, 3 August 1992.
Department of Foreign Affairs and Trade, Australian Treaty Series
1993, no. 40, Australian Government Publishing Service, Canberra,
Digital Equipment Corporation, Annual Report 1989, Securities and
----, Quarterly Report for period ending 12.31.89, SEC Online (USA).
Gezelter, Robert, `The DECnet TASK object; Tutorial', Digital Systems
Journal, vol. 16, July 1994.
Gianatasio, David, `Worm infestation hits 300 VAX/VMS systems
worldwide via DECnet', Digital Review, vol. 6, 20 November 1989.
Haffner, Katie & Markoff, John, Cyberpunk, Corgi Books (Transworld),
Moorebank NSW, 1994.
Halbert, Debora, `The Potential for Modern Communication Technology to
Challenge Legal Discourses of Authorship and Property', Murdoch
University E-Law Journal, vol. 1, no. 2.
Kelman, Alistair, `Computer Crime in the 1990s: A Barrister's View',
Paper for the Twelfth International Symposium on Economic Crime,
Law Commission (UK) Working Paper, no. 110, 1988.
Lloyd, J. Ian & Simpson, Moira, Law on the Electronic Frontier, David
Hume Institute, Edinburgh, 1996.
Longstaff, Thomas A., & Schultz, E. Eugene, `Beyond preliminary
analysis of the WANK and OILZ worms: a case study of malicious code',
Computers & Security, vol. 12, February 1993.
Loundy, David J., `Information Systems Law and Operator Liability
Revisited', Murdoch University E-Law Journal, vol. 1, no. 3, September
McMahon, John, `Practical DECnet security', Digital Systems Journal,
Melford, Robert J., `Network security; computer networks', Internal
Auditor, Institute of Internal Auditors, vol. 50, February 1993.
Natalie, D. & Ball, W, EIS Coordinator, North Carolina Emergency
Management, `How North Carolina Managed Hurricane Hugo', EIS News,
vol. 3, no. 11, 1988.
NorTel Australia Pty Ltd, Discovering Tomorrow's Telecommunications
Solutions, Chatswood, NSW (n.d.).
Northern Telecom, Annual Report 1993, Ontario, 1993.
Slatalla, Michelle & Quittner, Joshua, Masters of Deception,
HarperCollins, New York, 1995.
Royal Commission into Aboriginal Deaths in Custody, Report of the
Inquiry into the Death of the Woman Who Died at Ceduna, Australian
Government Publishing Service, Canberra, 1990.
Scottish Law Commission's Report on Computer Crime, no. 174, 1987.
SPAN Management Office, `Security guidelines to be followed in the
latest worm attack', an Intranetwork Memorandum released by the SPAN
Management Office, NASA, 30 October 1989.
Sterling, Bruce, The Hacker Crackdown, Penguin Books, Melbourne, 1994.
Stoll, Clifford, The Cuckoo's Egg, Pan Books, London, 1991.
Tencati, Ron, `Information regarding the DECNET worm and protection
measures', an Intranetwork Memorandum released by the SPAN Management
Office, NASA, 19 October 1989.
----, `Network Security Suplemental Information--Protecting the DECNET
Account', security advisory, released by SPAN, NASA/Goddard Space
Flight Center, 1989.
The Victorian Ombudsman, Operation Iceberg: Investigation of Leaked
Confidential Police Information and Related Matters, Report of the
Deputy Ombudsman (Police Complaints), L.V. North Government Printer,
`USA proposes international virus team', Computer Fraud & Security
Bulletin (Elsevier Advanced Technology Publications), August 1991.
Victoria Police, Operation Iceberg--Investigation and Recommendations
into Allegations of Leaked Confidential Police Information, 1 June,
Memorandum from Victoria Police Commander Bowles to Chief Commissioner
Comrie (also available as Appendix 1 in the Victorian Ombudsman's
Operation Iceberg Report, tabled in Victorian Parliament, October
Vietor, Richard, Contrived Competition: Regulation and Deregulation in