Suelette dreyfus julian assange



Download 6.15 Mb.
Page8/43
Date03.05.2017
Size6.15 Mb.
1   ...   4   5   6   7   8   9   10   11   ...   43

Some wanted free copies of the latest software, usually pirated games

from the US. Others wanted to share information and ideas about ways

to break into computers, often those owned by local universities.

Still others wanted to learn about how to manipulate the telephone

system.


The private areas functioned like a royal court, populated by

aristocrats and courtiers with varying seniority, loyalties and

rivalries. The areas involved an intricate social order and respect

was the name of the game. If you wanted admission, you had to walk a

delicate line between showing your superiors that you possessed enough

valuable hacking information to be elite and not showing them so much

they would brand you a blabbermouth. A perfect bargaining chip was an

old password for Melbourne University's dial-out.

The university's dial-out was a valuable thing. A hacker could ring up

the university's computer, login as `modem' and the machine would drop

him into a modem which let him dial out again. He could then dial

anywhere in the world, and the university would foot the phone bill.

In the late 1980s, before the days of cheap, accessible Internet

connections, the university dial-out meant a hacker could access

anything from an underground BBS in Germany to a US military system in

Panama. The password put the world at his fingertips.

A hacker aspiring to move into PI's Inner Sanctum wouldn't give out

the current dial-out password in the public discussion areas. Most

likely, if he was low in the pecking order, he wouldn't have such

precious information. Even if he had managed to stumble across the

current password somehow, it was risky giving it out publicly. Every

wanna-be and his dog would start messing around with the university's

modem account. The system administrator would wise up and change the

password and the hacker would quickly lose his own access to the

university account. Worse, he would lose access for other hackers--the

kind of hackers who ran H.A.C.K., Elite and the Inner Sanctum. They

would be really cross. Hackers hate it when passwords on accounts they

consider their own are changed without warning. Even if the password

wasn't changed, the aspiring hacker would look like a guy who couldn't

keep a good secret.

Posting an old password, however, was quite a different matter. The

information was next to useless, so the hacker wouldn't be giving much

away. But just showing he had access to that sort of information

suggested he was somehow in the know. Other hackers might think he had

had the password when it was still valid. More importantly, by showing

off a known, expired password, the hacker hinted that he might just

have the current password. Voila! Instant respect.

Positioning oneself to win an invite into the Inner Sanctum was a game

of strategy; titillate but never go all the way. After a while,

someone on the inside would probably notice you and put in a word with

Bowen. Then you would get an invitation.

If you were seriously ambitious and wanted to get past the first inner

layer, you then had to start performing for real. You couldn't hide

behind the excuse that the public area might be monitored by the

authorities or was full of idiots who might abuse valuable hacking

information.

The hackers in the most elite area would judge you on how much

information you provided about breaking into computer or phone

systems. They also looked at the accuracy of the information. It was

easy getting out-of-date login names and passwords for a student

account on Monash University's computer system. Posting a valid

account for the New Zealand forestry department's VMS system intrigued

the people who counted considerably more.

The Great Rite of Passage from boy to man in the computer underground

was Minerva. OTC, Australia's then government-owned Overseas

Telecommunications Commission,3 ran Minerva, a system of three Prime

mainframes in Sydney. For hackers such as Mendax, breaking into

Minerva was the test.

Back in early 1988, Mendax was just beginning to explore the world of

hacking. He had managed to break through the barrier from public to

private section of PI, but it wasn't enough. To be recognised as

up-and-coming talent by the aristocracy of hackers such as The Force

and The Wizard, a hacker had to spend time inside the Minerva system.

Mendax set to work on breaking

into it.

Minerva was special for a number of reasons. Although it was in

Sydney, the phone number to its entry computer, called an X.25 pad,

was a free call. At the time Mendax lived in Emerald, a country town

on the outskirts of Melbourne. A call to most Melbourne numbers

incurred a long-distance charge, thus ruling out options such as the

Melbourne University dial-out for breaking into international computer

systems.


Emerald was hardly Emerald City. For a clever sixteen-year-old boy,

the place was dead boring. Mendax lived there with his mother; Emerald

was merely a stopping point, one of dozens, as his mother shuttled her

child around the continent trying to escape from a psychopathic former

de facto. The house was an emergency refuge for families on the run.

It was safe and so, for a time, Mendax and his exhausted family

stopped to rest before tearing off again in search of a new place to

hide.


Sometimes Mendax went to school. Often he didn't. The school system

didn't hold much interest for him. It didn't feed his mind the way

Minerva would. They Sydney computer system was a far more interesting

place to muck around in than the rural high school.

Minerva was a Prime computer, and Primes were in. Force, one of the

more respected hackers in 1987-88 in the Australian computer

underground, specialised in Primos, the special operating system used

on Prime computers. He wrote his own programs--potent hacking tools

which provided current usernames and passwords--and made the systems

fashionable in the computer underground.

Prime computers were big and expensive and no hacker could afford one,

so being able to access the speed and computational grunt of a system

like Minerva was valuable for running a hacker's own programs. For

example, a network scanner, a program which gathered the addresses of

computers on the X.25 network which would be targets for future

hacking adventures, ate up computing resources. But a huge machine

like Minerva could handle that sort of program with ease. Minerva also

allowed users to connect to other computer systems on the X.25 network

around the world. Better still, Minerva had a BASIC interpreter on it.

This allowed people to write programs in the BASIC programming

language--by far the most popular language at the time--and make them

run on Minerva. You didn't have to be a Primos fanatic, like Force, to

write and execute a program on the OTC computer. Minerva suited Mendax

very well.

The OTC system had other benefits. Most major Australian corporations

had accounts on the system. Breaking into an account requires a

username and password; find the username and you have solved half the

equation. Minerva account names were easy picking. Each one was

composed of three letters followed by three numbers, a system which

could have been difficult to crack except for the choice of those

letters and numbers. The first three letters were almost always

obvious acronyms for the company. For example, the ANZ Bank had

accounts named ANZ001, ANZ002 and ANZ002. The numbers followed the

same pattern for most companies. BHP001. CRA001. NAB001. Even OTC007.

Anyone with the IQ of a desk lamp could guess at least a few account

names on Minerva. Passwords were a bit tougher to come by, but Mendax

had some ideas for that. He was going to have a crack at social

engineering. Social engineering means smooth-talking someone in a

position of power into doing something for you. It always involved a

ruse of some sort.

Mendax decided he would social engineer a password out of one of

Minerva's users. He had downloaded a partial list of Minerva users

another PI hacker had generously posted for those talented enough to

make use of it. This list was maybe two years old, and incomplete, but

it contained 30-odd pages of Minerva account usernames, company names,

addresses, contact names and telephone and fax numbers. Some of them

would probably still be valid.

Mendax had a deep voice for his age; it would have been impossible to

even contemplate social engineering without it. Cracking adolescent

male voices were the kiss of death for would-be social engineers. But

even though he had the voice, he didn't have the office or the Sydney

phone number if the intended victim wanted a number to call back on.

He found a way to solve the Sydney phone number by poking around until

he dug up a number with Sydney's 02 area code which was permanently

engaged. One down, one to go.

Next problem: generate some realistic office background noise. He

could hardly call a company posing as an OTC official to cajole a

password when the only background noise was birds tweeting in the

fresh country air.

No, he needed the same background buzz as a crowded office in downtown

Sydney. Mendex had a tape recorder, so he could pre-record the sound

of an office and play it as background when he called companies on the

Minerva list. The only hurdle was finding the appropriate office

noise. Not even the local post office would offer a believable noise

level. With none easily accessible, he decided to make his own audible

office clutter. It wouldn't be easy. With a single track on his

recording device, he couldn't dub in sounds on top of each other: he

had to make all the noises simultaneously.

First, he turned on the TV news, down very low, so it just hummed in

the background. Then he set up a long document to print on his

Commodore MPS 801 printer. He removed the cover from the noisy dot

matrix machine, to create just the right volume of clackity-clack in

the background. Still, he needed something more. Operators' voices

mumbling across a crowded floor. He could mumble quietly to himself,

but he soon discovered his verbal skills had not developed to the

point of being able to stand in the middle of the room talking about

nothing to himself for a quarter of an hour. So he fished out his

volume of Shakespeare and started reading aloud. Loud enough to hear

voices, but not so loud that the intended victim would be able to pick

Macbeth. OTC operators had keyboards, so he began tapping randomly on

his. Occasionally, for a little variation, he walked up to the tape

recorder and asked a question--and then promptly answered it in

another voice. He stomped noisily away from the recorder again, across

the room, and then silently dove back to the keyboard for more

keyboard typing and mumblings of Macbeth.

It was exhausting. He figured the tape had to run for at least fifteen

minutes uninterrupted. It wouldn't look very realistic if the office

buzz suddenly went dead for three seconds at a time in the places

where he paused the tape to rest.

The tapes took a number of attempts. He would be halfway through,

racing through line after line of Shakespeare, rap-tap-tapping on his

keyboard and asking himself questions in authoritative voices when the

paper jammed in his printer. Damn. He had to start all over again.

Finally, after a tiring hour of auditory schizophrenia, he had the

perfect tape of office hubbub.

Mendax pulled out his partial list of Minerva users and began working

through the 30-odd pages. It was discouraging.

`The number you have dialled is not connected. Please check the number

before dialling again.'

Next number.

`Sorry, he is in a meeting at the moment. Can I have him return your

call?' Ah, no thanks.

Another try.

`That person is no longer working with our company. Can I refer you to

someone else?' Uhm, not really.

And another try.

Finally, success.

Mendax reached one of the contact names for a company in Perth. Valid

number, valid company, valid contact name. He cleared his throat to

deepen his voice even further and began.

`This is John Keller, an operator from OTC Minerva in Sydney. One of

our D090 hard drives has crashed. We've pulled across the data on the

back-up tape and we believe we have all your correct information. But

some of it might have been corrupted in the accident and we would just

like to confirm your details. Also the back-up tape is two days old,

so we want to check your information is up to date so your service is

not interrupted. Let me just dig out your details ...' Mendax shuffled

some papers around on the table top.

`Oh, dear. Yes. Let's check it,' the worried manager responded.

Mendax started reading all the information on the Minerva list

obtained from Pacific Island, except for one thing. He changed the fax

number slightly. It worked. The manager jumped right in.

`Oh, no. That's wrong. Our fax number is definitely wrong,' he said

and proceeded to give the correct number.

Mendax tried to sound concerned. `Hmm,' he told the manager. `We may

have bigger problems than we anticipated. Hmm.' He gave another

pregnant pause. Working up the courage to ask the Big Question.

It was hard to know who was sweating more, the fretting Perth manager,

tormented by the idea of loud staff complaints from all over the

company because the Minerva account was faulty, or the gangly kid

trying his hand at social engineering for the first time.

`Well,' Mendax began, trying to keep the sound of authority in his

voice. `Let's see. We have your account number, but we had better

check your password ... what was it?' An arrow shot from the bow.

It hit the target. `Yes, it's L-U-R-C-H--full stop.'

Lurch? Uhuh. An Addams Family fan.

`Can you make sure everything is working? We don't want our service

interrupted.' The Perth manager sounded quite anxious.

Mendax tapped away on the keyboard randomly and then paused. `Well, it

looks like everything is working just fine now,' he quickly reassured

him. Just fine.

`Oh, that's a relief!' the Perth manager exclaimed. `Thank you for

that. Thank you. I just can't thank you enough for calling us!' More

gratitude.

Mendax had to extract himself. This was getting embarrassing.

`Yes, well I'd better go now. More customers to call.' That should

work. The Perth manager wanted a contact telephone number, as

expected, if something went wrong--so Mendax gave him the one which

was permanently busy.

`Thank you again for your courteous service!' Uhuh. Anytime.

Mendax hung up and tried the toll-free Minerva number. The password

worked. He couldn't believe how easy it was to get in.

He had a quick look around, following the pattern of most hackers

breaking into a new machine. First thing to do was to check the

electronic mail of the `borrowed' account. Email often contains

valuable information. One company manager might send another

information about other account names, password changes or even phone

numbers to modems at the company itself. Then it was off to check the

directories available for anyone to read on the main system--another

good source of information. Final stop: Minerva's bulletin board of

news. This included postings from the system operators about planned

downtime or other service issues. He didn't stay long. The first visit

was usually mostly a bit of reconnaissance work.

Minerva had many uses. Most important among these was the fact that

Minerva gave hackers an entry point into various X.25 networks. X.25

is a type of computer communications network, much like the Unix-based

Internet or the VMS-based DECNET. It has different commands and

protocols, but the principle of an extensive worldwide data

communications network is the same. There is, however, one important

difference. The targets for hackers on the X.25 networks are often far

more interesting. For example, most banks are on X.25. Indeed, X.25

underpins many aspects of the world's financial markets. A number of

countries' classified military computer sites only run on X.25. It is

considered by many people to be more secure than the Internet or any

DECNET system.

Minerva allowed incoming callers to pass into the X.25

network--something most Australian universities did not offer at the

time. And Minerva let Australian callers do this without incurring a

long-distance telephone charge.

In the early days of Minerva, the OTC operators didn't seem to care

much about the hackers, probably because it seemed impossible to get

rid of them. The OTC operators managed the OTC X.25 exchange, which

was like a telephone exchange for the X.25 data network. This exchange

was the data gateway for Minerva and other systems connected to that

data network.

Australia's early hackers had it easy, until Michael Rosenberg

arrived.

Rosenberg, known on-line simply as MichaelR, decided to clean up

Minerva. An engineering graduate from Queensland University, Michael

moved to Sydney when he joined OTC at age 21. He was about the same

age as the hackers he was chasing off his system. Rosenberg didn't

work as an OTC operator, he managed the software which ran on Minerva.

And he made life hell for people like Force. Closing up security

holes, quietly noting accounts used by hackers and then killing those

accounts, Rosenberg almost single-handedly stamped out much of the

hacker activity in OTC's Minerva.

Despite this, the hackers--`my hackers' as he termed the regulars--had

a grudging respect for Rosenberg. Unlike anyone else at OTC, he was

their technical equal and, in a world where technical prowess was the

currency, Rosenberg was a wealthy young man.

He wanted to catch the hackers, but he didn't want to see them go to

prison. They were an annoyance, and he just wanted them out of his

system. Any line trace, however, had to go through Telecom, which was

at that time a separate body from OTC. Telecom, Rosenberg was told,

was difficult about these things because of strict privacy laws. So,

for the most part, he was left to deal with the hackers on his own.

Rosenberg could not secure his system completely since OTC didn't

dictate passwords to their customers. Their customers were usually

more concerned about employees being able to remember passwords easily

than worrying about warding off wily hackers. The result: the

passwords on a number of Minerva accounts were easy pickings.

The hackers and OTC waged a war from 1988 to 1990, and it was fought

in many ways.

Sometimes an OTC operator would break into a hacker's on-line session

demanding to know who was really using the account. Sometimes the

operators sent insulting messages to the hackers--and the hackers gave

it right back to them. They broke into the hacker's session with `Oh,

you idiots are at it again'. The operators couldn't keep the hackers

out, but they had other ways of getting even.

Electron, a Melbourne hacker and rising star in the Australian

underground, had been logging into a system in Germany via OTC's X.25

link. Using a VMS machine, a sort of sister system to Minerva, he had

been playing a game called Empire on the Altos system, a popular

hang-out for hackers. It was his first attempt at Empire, a complex

war game of strategy which attracted players from around the world.

They each had less than one hour per day to conquer regions while

keeping production units at a strategic level. The Melbourne hacker

had spent weeks building his position. He was in second place.

Then, one day, he logged into the game via Minerva and the German

system, and he couldn't believe what he saw on the screen in front of

him. His regions, his position in the game, all of it--weeks of

work--had been wiped out. An OTC operator had used an X.25

packet-sniffer to monitor the hacker's login and capture his password to

Empire. Instead of trading the usual insults, the operator had waited

for the hacker to logoff and then had hacked into the game and destroyed

the hacker's position.

Electron was furious. He had been so proud of his position in his very

first game. Still, wreaking havoc on the Minerva system in retribution

was out of the question. Despite the fact that they wasted weeks of

his work, Electron had no desire to damage their system. He considered

himself lucky to be able to use it as long as he did.

The anti-establishment attitudes nurtured in BBSes such as PI and Zen

fed on a love of the new and untried. There was no bitterness, just a

desire to throw off the mantle of the old and dive into the new.

Camaraderie grew from the exhilarating sense that the youth in this

particular time and place were constantly on the edge of big

discoveries. People were calling up computers with their modems and

experimenting. What did this key sequence do? What about that tone?

What would happen if ... It was the question which drove them to stay

up day and night, poking and prodding. These hackers didn't for the

most part do drugs. They didn't even drink that much, given their age.

All of that would have interfered with their burning desire to know,

would have dulled their sharp edge. The underground's

anti-establishment views were mostly directed at organisations which

seemed to block the way to the new frontier--organisations like

Telecom.


It was a powerful word. Say `Telecom' to a member of the computer

underground from that era and you will observe the most striking

reaction. Instant contempt sweeps across his face. There is a pause as

his lips curl into a noticeable sneer and he replies with complete

derision, `Telescum'. The underground hated Australia's national

telephone carrier with a passion equalled only to its love of

exploration. They felt that Telecom was backward and its staff had no

idea how to use their own telecommunications technology. Worst of all,

Telecom seemed to actively dislike BBSes.

Line noise interfered with one modem talking to another, and in the

eyes of the computer underground, Telecom was responsible for the line


Directory: ~suelette -> underground

Download 6.15 Mb.

Share with your friends:
1   ...   4   5   6   7   8   9   10   11   ...   43




The database is protected by copyright ©sckool.org 2020
send message

    Main page