1997-06-25 - Underground extract: System X

Header Data

From: proff@iq.org
To: cypherpunks@toad.com
Message Hash: fcb2f91ecde289fb9cf635fbc5f9a235eecabfb5d9c59ffe7a11742ba90a3087
Message ID: <19970625004604.1793.qmail@iq.org>
Reply To: N/A
UTC Datetime: 1997-06-25 02:27:56 UTC
Raw Date: Wed, 25 Jun 1997 10:27:56 +0800

Raw message

From: proff@iq.org
Date: Wed, 25 Jun 1997 10:27:56 +0800
To: cypherpunks@toad.com
Subject: Underground extract: System X
Message-ID: <19970625004604.1793.qmail@iq.org>
MIME-Version: 1.0
Content-Type: text/plain



Anyone read this book? Apparently the first in-depth investigation
into the international computer underground to come out of the
Southern-Hemisphere - or so I'm told ;)  - J.A

Extracts from Underground - The true nature of System X

  Extracted from Chapter 10 - "Anthrax - The Outsider"
  
   Note: System X's name has been changed for legal reasons.
   
   Sometimes the time just slipped away, hacking all night. When the first hint
   of dawn snuck up on him, he was invariably in the middle of some exciting
   journey. But duty was duty, and it had to be done. So Anthrax pressed control
   S to freeze his screen, unfurled the prayer mat with its built-in compass,
   faced Mecca, knelt down and did two sets of prayers before sunrise. Ten
   minutes later he rolled the prayer mat up, slid back into his chair, typed
   control Q to release the pause on his computer and picked up where he left
   off.
   
   This company's computer system seemed to confirm what he had begun to
   suspect. System X was the first stage of a project, the rest of which was
   under development. He found a number of tables and reports in System X's
   files. The reports carried headers like 'Traffic Analysis', 'calls in' and
   'calls out', 'failure rate'. It all began to make sense to Anthrax.
   
   System X called up each of the military telephone exchanges in that list. It
   logged in using the computer-generated name and password. Once inside, a
   program in System X polled the exchange for important statistics, such as the
   number of calls coming in and out of the base. This information was then
   stored on System X. Whenever someone wanted a report on something, for
   example, the military sites with the most incoming calls over the past 24
   hours, he or she would simply ask System X to compile the information. All of
   this was done automatically.
   
   Anthrax had read some email suggesting that changes to an exchange, such as
   adding new telephone lines on the base, had been handled manually, but this
   job was soon to be done automatically by System X. It made sense. The
   maintenance time spent by humans would be cut dramatically.
   
   A machine which gathers statistics and services phone exchanges remotely
   doesn't sound very sexy on the face of it, until you begin to consider what
   you could do with something like that. You could sell it to a foreign power
   interested in the level of activity at a certain base at a particular time.
   And that is just the beginning.
   
   You could tap any unencrypted line going in or out of any of the 100 or so
   exchanges and listen in to sensitive military discussions. Just a few
   commands makes you a fly on the wall of a general's conversation to the head
   of a base in the Philippines. Anti-government rebels in that country might
   pay a pretty penny for getting intelligence on the US forces.
   
   All of those options paled next to the most striking power wielded by a
   hacker who had unlimited access to System X and the 100 or so telephone
   exchanges. He could take down that US military voice communications system
   almost overnight, and he could do it automatically. The potential for havoc
   creation was breathtaking. It would be a small matter for a skilled
   programmer to alter the automated program used by System X. Instead of using
   its dozen or more modems to dial all the exchanges overnight and poll them
   for statistics, System X could be instructed to call them overnight and
   reprogram the exchanges.
   
   				      ---

   No-one would be able to reach one another. An important part of the US
   military machine would be in utter disarray. Now, what if all this happened
   in the first few days of a war? People trying to contact each other with
   vital information wouldn't be able to use the telephone exchanges
   reprogrammed by System X.
   
   THAT was power.
   
   It wasn't like Anthrax screaming at his father until his voice turned to a
   whisper, all for nothing. He could make people sit up and take notice with
   this sort of power.
   
   Hacking a system gave him a sense of control. Getting root on a system always
   gave him an adrenalin rush for just that reason. It meant the system was his,
   he could do whatever he wanted, he could run whatever processes or programs
   he desired, he could remove other users he didn't want using his system. He
   thought, I own the system. The word 'own' anchored the phrase which circled
   through his thoughts again and again when he successfully hacked a system.
   
   The sense of ownership was almost passionate, rippled with streaks of
   obsession and jealousy. At any given moment, Anthrax had a list of systems he
   owned and that had captured his interest for that moment. Anthrax hated
   seeing a system administrator logging onto one of those systems. It was an
   invasion. It was as though Anthrax had just got this woman he had been after
   for some time alone in a room with the door closed. Then, just as he was
   getting to know her, this other guy had barged in, sat down on the couch and
   started talking to her.
   
   It was never enough to look at a system from a distance and know he could
   hack it if he wanted to. Anthrax had to actually hack the system. He had to
   own it. He needed to see what was inside the system, to know exactly what it
   was he owned.
   
   The worst thing admins could do was to fiddle with system security. That made
   Anthrax burn with anger. If Anthrax was on-line, silently observing the
   adminsÕ activities, he would feel a sudden urge to log them off. He wanted to
   punish them. Wanted them to know he was into their system. And yet, at the
   same time, he didnÕt want them to know. Logging them off would draw attention
   to himself, but the two desires pulled at him from opposite directions. What
   Anthrax really wanted was for the admins to know he controlled their system,
   but for them not to be able to do anything about it. He wanted them to be
   helpless.
   
   Anthrax decided to keep undercover. But he contemplated the power of having
   System X's list of telephone exchange dial-ups and their username - password
   combinations. Normally, it would take days for a single hacker with his lone
   modem to have much impact on the US military's communications network. Sure,
   he could take down a few exchanges before the military wised up and started
   protecting themselves. It was like hacking a military computer. You could
   take out a machine here, a system there. But the essence of the power of
   System X was being able to use its own resources to orchestrate widespread
   pandemonium quickly and quietly.
   
   Anthrax defines power as the potential for real world impact. At that moment
   of discovery and realisation, the real world impact of hacking System X
   looked good. The telecommunications company computer seemed like a good place
   to hang up a sniffer, so he plugged one into the machine and decided to
   return in a little while. Then he logged out and went to bed.
   
   When he revisited the sniffer a day or so later, Anthrax received a rude
   shock. Scrolling through the sniffer file, he did a double take on one of the
   entries. Someone had logged into the company's system using his special login
   patch password.
   
   He tried to stay calm. He thought hard. When was the last time he had logged
   into the system using that special password? Could his sniffer have logged
   himself on an earlier hacking session? It did happen occasionally. Hackers
   sometimes gave themselves quite a fright. In the seamless days and nights of
   hacking dozens of systems, it was easy to forget the last time you logged
   into a particular system using the special password. The more he thought, the
   more he was absolutely sure. He hadn't logged into the system again.
   
   Which left the obvious question. Who had?
     ________________________________________________________________________
     [This extract may be reposted non-commercially and without charge only]

   Underground; Tales of Hacking, Madness and Obsession on the Electronic
   Frontier, by Suelette Dreyfus; published by Mandarin (Random House
   Australia); (P) 475 pages with bib. http://www.underground-book.com/ or
   http://underground.org/book






Thread