From: proff@iq.org
To: cypherpunks@toad.com
Message Hash: fcb2f91ecde289fb9cf635fbc5f9a235eecabfb5d9c59ffe7a11742ba90a3087
Message ID: <19970625004604.1793.qmail@iq.org>
Reply To: N/A
UTC Datetime: 1997-06-25 02:27:56 UTC
Raw Date: Wed, 25 Jun 1997 10:27:56 +0800
From: proff@iq.org
Date: Wed, 25 Jun 1997 10:27:56 +0800
To: cypherpunks@toad.com
Subject: Underground extract: System X
Message-ID: <19970625004604.1793.qmail@iq.org>
MIME-Version: 1.0
Content-Type: text/plain
Anyone read this book? Apparently the first in-depth investigation
into the international computer underground to come out of the
Southern-Hemisphere - or so I'm told ;) - J.A
Extracts from Underground - The true nature of System X
Extracted from Chapter 10 - "Anthrax - The Outsider"
Note: System X's name has been changed for legal reasons.
Sometimes the time just slipped away, hacking all night. When the first hint
of dawn snuck up on him, he was invariably in the middle of some exciting
journey. But duty was duty, and it had to be done. So Anthrax pressed control
S to freeze his screen, unfurled the prayer mat with its built-in compass,
faced Mecca, knelt down and did two sets of prayers before sunrise. Ten
minutes later he rolled the prayer mat up, slid back into his chair, typed
control Q to release the pause on his computer and picked up where he left
off.
This company's computer system seemed to confirm what he had begun to
suspect. System X was the first stage of a project, the rest of which was
under development. He found a number of tables and reports in System X's
files. The reports carried headers like 'Traffic Analysis', 'calls in' and
'calls out', 'failure rate'. It all began to make sense to Anthrax.
System X called up each of the military telephone exchanges in that list. It
logged in using the computer-generated name and password. Once inside, a
program in System X polled the exchange for important statistics, such as the
number of calls coming in and out of the base. This information was then
stored on System X. Whenever someone wanted a report on something, for
example, the military sites with the most incoming calls over the past 24
hours, he or she would simply ask System X to compile the information. All of
this was done automatically.
Anthrax had read some email suggesting that changes to an exchange, such as
adding new telephone lines on the base, had been handled manually, but this
job was soon to be done automatically by System X. It made sense. The
maintenance time spent by humans would be cut dramatically.
A machine which gathers statistics and services phone exchanges remotely
doesn't sound very sexy on the face of it, until you begin to consider what
you could do with something like that. You could sell it to a foreign power
interested in the level of activity at a certain base at a particular time.
And that is just the beginning.
You could tap any unencrypted line going in or out of any of the 100 or so
exchanges and listen in to sensitive military discussions. Just a few
commands makes you a fly on the wall of a general's conversation to the head
of a base in the Philippines. Anti-government rebels in that country might
pay a pretty penny for getting intelligence on the US forces.
All of those options paled next to the most striking power wielded by a
hacker who had unlimited access to System X and the 100 or so telephone
exchanges. He could take down that US military voice communications system
almost overnight, and he could do it automatically. The potential for havoc
creation was breathtaking. It would be a small matter for a skilled
programmer to alter the automated program used by System X. Instead of using
its dozen or more modems to dial all the exchanges overnight and poll them
for statistics, System X could be instructed to call them overnight and
reprogram the exchanges.
---
No-one would be able to reach one another. An important part of the US
military machine would be in utter disarray. Now, what if all this happened
in the first few days of a war? People trying to contact each other with
vital information wouldn't be able to use the telephone exchanges
reprogrammed by System X.
THAT was power.
It wasn't like Anthrax screaming at his father until his voice turned to a
whisper, all for nothing. He could make people sit up and take notice with
this sort of power.
Hacking a system gave him a sense of control. Getting root on a system always
gave him an adrenalin rush for just that reason. It meant the system was his,
he could do whatever he wanted, he could run whatever processes or programs
he desired, he could remove other users he didn't want using his system. He
thought, I own the system. The word 'own' anchored the phrase which circled
through his thoughts again and again when he successfully hacked a system.
The sense of ownership was almost passionate, rippled with streaks of
obsession and jealousy. At any given moment, Anthrax had a list of systems he
owned and that had captured his interest for that moment. Anthrax hated
seeing a system administrator logging onto one of those systems. It was an
invasion. It was as though Anthrax had just got this woman he had been after
for some time alone in a room with the door closed. Then, just as he was
getting to know her, this other guy had barged in, sat down on the couch and
started talking to her.
It was never enough to look at a system from a distance and know he could
hack it if he wanted to. Anthrax had to actually hack the system. He had to
own it. He needed to see what was inside the system, to know exactly what it
was he owned.
The worst thing admins could do was to fiddle with system security. That made
Anthrax burn with anger. If Anthrax was on-line, silently observing the
adminsÕ activities, he would feel a sudden urge to log them off. He wanted to
punish them. Wanted them to know he was into their system. And yet, at the
same time, he didnÕt want them to know. Logging them off would draw attention
to himself, but the two desires pulled at him from opposite directions. What
Anthrax really wanted was for the admins to know he controlled their system,
but for them not to be able to do anything about it. He wanted them to be
helpless.
Anthrax decided to keep undercover. But he contemplated the power of having
System X's list of telephone exchange dial-ups and their username - password
combinations. Normally, it would take days for a single hacker with his lone
modem to have much impact on the US military's communications network. Sure,
he could take down a few exchanges before the military wised up and started
protecting themselves. It was like hacking a military computer. You could
take out a machine here, a system there. But the essence of the power of
System X was being able to use its own resources to orchestrate widespread
pandemonium quickly and quietly.
Anthrax defines power as the potential for real world impact. At that moment
of discovery and realisation, the real world impact of hacking System X
looked good. The telecommunications company computer seemed like a good place
to hang up a sniffer, so he plugged one into the machine and decided to
return in a little while. Then he logged out and went to bed.
When he revisited the sniffer a day or so later, Anthrax received a rude
shock. Scrolling through the sniffer file, he did a double take on one of the
entries. Someone had logged into the company's system using his special login
patch password.
He tried to stay calm. He thought hard. When was the last time he had logged
into the system using that special password? Could his sniffer have logged
himself on an earlier hacking session? It did happen occasionally. Hackers
sometimes gave themselves quite a fright. In the seamless days and nights of
hacking dozens of systems, it was easy to forget the last time you logged
into a particular system using the special password. The more he thought, the
more he was absolutely sure. He hadn't logged into the system again.
Which left the obvious question. Who had?
________________________________________________________________________
[This extract may be reposted non-commercially and without charge only]
Underground; Tales of Hacking, Madness and Obsession on the Electronic
Frontier, by Suelette Dreyfus; published by Mandarin (Random House
Australia); (P) 475 pages with bib. http://www.underground-book.com/ or
http://underground.org/book
Return to June 1997
Return to “proff@iq.org”
1997-06-25 (Wed, 25 Jun 1997 10:27:56 +0800) - Underground extract: System X - proff@iq.org