An attack that reached into every corner of the sprawling global network. An attack whose enormous scope was matched only by the bizarre habits of its perpetrator, a Portlander who could barely write his name, whose defective eye-hand coordination guaranteed that he would never get a driver's license, a schizophrenic who lived on Doritos and took showers so seldom that it was physically difficult to be in the same room with him. Yet until this year, when Freedman and Mann published @Large: The Strange Case of the World's Biggest Internet Invasion (Simon & Schuster, 315 pages, $24, ISBN 0.684.82464.7), few knew the full extent of one of the most fascinating intrusions into the computer networks of universities, corporations, banks, federal agencies and military facilities.

Illustration by Melani Ellis

What follows is an excerpt from @Large.

SAN DIEGO, CALIFORNIA APRIL 1995

Ebulliently striding beneath a banner with the emblem of the Internet Society, [Jeffrey I.] Schiller is a fine public speaker who retails jokes in a distinct Boston accent. Today, though, he's in apocalyptic mode. [Schiller, network manager for the Massachusetts Institute of Technology,] is trying to convince the crowd that computer security is not a threat looming in the distant future, it's a crisis right now, and it's much worse than people realize. At MIT, he explains, we assume our computer networks are being monitored by elements hostile to us. He says, Thousands of people eavesdrop on computer networks every second of every hour. He says, Going after these guys ends up being like stomping cockroaches. It makes you feel good, but there's always more of them. He says, The problems are getting worse by the day. His audience is less than bowled over. Although attendees laugh politely at the funny bits, they don't appear to be engaged by the substance. The inattention is exasperating, given what's at stake here. This isn't about digital pranks or purloined credit card numbers. 
Using the speed of computers and the astonishing reach of the Internet, a small group--even a single person--could slowly explore the nation's electronic infrastructure, invisibly seizing command of point after point, until all fell under their control. And not only Internet computers are vulnerable--any computer that can be connected to a telephone is at risk. The incursion could knock out a nation's electrical-power grid, telephone network, and air-traffic control system at a stroke; Wall Street and the banking system could fall, too. On an individual level, criminals could reach into hospital networks and change records, causing nurses to give patients the wrong medications. Or they could wipe out credit records and bank accounts. They also could be more indirect: someone could simply set all the traffic lights in Manhattan to constant red at rush hour--and do it every day for a month. In some sense, though, what worries Schiller most is the threat to the Internet itself. A passionate believer in the ability of computers to contribute to human welfare, he fears that a few big, dangerous security incidents may scare people away from the possibilities of the digital era, leading society to turn its back on the promise of the future. If you truly want to know why you should be scared, Schiller finally says, I have a story for you.

PORTLAND, OREGON MARCH 1991

Janaka Jayawardena hit the steps to his office at the crack of noon.... Jammed into a hill by the Willamette River, the Portland Center for Advanced Technology was an almost windowless two-story rectangle, sheathed in brickwork painted in two shades of dull, ceramic blue. The center housed Portland State University's computer-science and electrical engineering departments, and no one affiliated with either of them spent much time outdoors. This included Janaka, the Sri Lankan émigré who maintained the electrical-engineering department's computer network.... 
About five minutes after Janaka entered the office, his doorway was filled by half a dozen undergraduates--computer-science or electrical-engineering majors who helped run the networks. Janaka stretched back in his swivel chair, making the springs creak, and presented the group with his avuncular smile. Yeeessss?... Wendy Wilhelm took the lead. We've been broken into, she said. The swivel chair snapped into its upright position. The students, Wendy explained, had been in the center last night, working on the burdensome shroud of unfinished administrative tasks that always envelops computer networks. At a certain point they had noticed that an unusual volume of calls was coming through the university's rack of modems to a small, little-used computer on the periphery of the electrical-engineering network. Modems are small devices that transform the electronic signals understood by computers into the kind of signals transmitted through telephone wires; the university kept a dozen or so operating 24 hours a day. Surprised at the traffic, the students inspected the computer--lifted up the hood, so to speak, and looked at the engine. And inside they found someone who called himself "Phantomd." Phantom Dialer had become something known as "root." In practice, anyone on a computer network is either an ordinary user or root. Ordinary users can't do much on the network except work with their own data and execute their own programs. Root, by contrast, has almost limitless power. Root has root access, in the jargon, which means that root can go anywhere, read any file, execute any program. Root users are sometimes called wheels or superusers, but the idea is the same. "God = Root," according to a sticker sometimes found in computer terminal rooms. Root access was invented to let network administrators fix problems from their desks, without having to travel wherever the problem is physically located. 
Root access lets managers control networks by preventing anyone but root from creating new accounts on the system. Root access ensures that the administrators alone have the ability to adjust the programs at the heart of the network--unless the wrong people become root, which was apparently what happened at Portland State. The system had a new supreme deity.... A few days later, Janaka found himself speaking with Patrick Humphreys, a freshman. Patrick was a marketing major who had taken a computer class and become fascinated by the network; his username, Path (that is, Pat-H, an abbreviation of his real name), was scattered throughout the logs. Janaka reserved a soft spot for computer-smitten kids, having been one himself. On the other hand, if Patrick was Phantom Dialer.... Patrick was blond, soft-spoken, and looked as though he had never needed to shave. He was dressed in the digitally correct uniform of jeans and stained T-shirt, but Janaka had heard that Patrick's father was a lawyer and that his grandfather owned oil-land in California. Patrick denied that he had broken into the network. On the other hand, he said that he might know the culprit. Patrick had a friend from high school named Steve Singer. Steve had this strange brother, Matt, who was deep into computers. And Matt had been bragging about break-ins. Matt wasn't malicious, Patrick thought. But he'd had trouble with computers in the past. He lived with his mother in east Portland....

PORTLAND SUMMER 1991

Bleary-eyed and angry, Janaka flipped through the 3-inch stack of computer paper. He'd had no idea what he was letting himself in for when he decided to eavesdrop on the cracker in his network. He had discovered an account named Anitha on Sunday, June 9. If he had immediately stomped the account, he might have been able to wash his hands of the problem. Instead he had copied the (freely available) source code for Telnet from a computer at Berkeley on Monday. 
In a daylong bout of programming, he doctored Telnet to record all incoming and outgoing communications from the Anitha account. (Because the modified Telnet recorded all keystrokes, it would pick up the cracker's passwords. In other words, it could be used as a Trojan horse--many cracker tools are sysadmin [system administrator] tools bent to another purpose.) After installing the bugged Telnet, Janaka knocked off for some sleep. He came to the office Tuesday to find a pile of printout on his desk. Curious as ever, Wendy had gone through it first, highlighting the most important parts with Magic Marker and adding color-coded tabs. Janaka was grateful for her work, because otherwise the printout was hard to follow. The tracer recorded letters clearly, but turned to typographic snow when the cracker backspaced, deleted lines, or used the arrow keys. When Anitha connected to another computer, the two machines established contact with a stream of machine-language code that swamped the poor bug. And so on. Nonetheless, Janaka could make out what was happening. The cracker had followed what now seemed to be his pattern: hours on-line, Telnetting all over the nation. But first Anitha had deleted his entry in a special file. When Janaka asked the computer who was using the system, it didn't actually survey itself; instead, it merely listed the current entries in this file. By deleting his entry, Anitha made himself effectively invisible. Many of the sites visited by the cracker were nearby. West of Portland, the wooded foothills of the Cascade Mountains had attracted so many computer-related firms in the 1980s that the area was nicknamed the Silicon Forest. Cogent, Informix, Intel, N-CUBE, Sequent, Tektronix--all in Oregon. Here--Janaka going down the page--Anitha was Telnetting into the Oregon Advanced Computing Institute and the Oregon Center for Advanced Education Technology. Looks like he has an account on ICAET already, this one called Shivap. 
Probably another dead account. Janaka made a note to call the sysadmin there. Hello, now he's on a chat line. PortChat--Portland Chat, probably. Types in his log-in name: Phantom. Anyone have any codez? Phantom asks on PortChat. Codez with a "z"--teen-age nerd slang for access codes. Nobody on-line responds to the question. Log out. Back to Portland State. Now on a machine called Galileo. Runs through the password file, looking for passwordless accounts. Anitha jumps to a Portland State computer named Walt, where he takes advantage of another account--Husseina--with a dumb, easily guessed password--Ahussein. Bingo, he's inside Walt. Janaka scribbled down the account name. Got to stomp that account. In Walt, Anitha/Phantom/Husseina switches identity again, this time to an account named Operator. Infuriating: Operator was one of Janaka's own accounts, used for backups and other operations. It had root access. Operator scans the system to see which files and programs he owns. Lots of them, it turns out. But then Operator ignores them. Instead he simply messes around in the Portland State system, doubling backward and forward through the maze of computers on the network. It would have been fascinating to watch, if it hadn't been so disconcerting to see how many holes this character had drilled into the network. Next the cracker calls an 800 number. It's an electronic bulletin board, a place where people can leave messages, though they can't talk to each other in real time. Instead they post communiques and files. Many bulletin boards are not public; news of their existence circulates by word of mouth in the computer underground. The bulletin board asks for a user ID. "Phantomd," writes the cracker. Phantom-d, Janaka observed, not just Phantom. Phantom Dialer--for it must be the same guy--isn't interested in the material on these bulletin boards. Instead, he Telnets to MIT. 
MIT had a big-time endeavor called Project Athena that was supposed to represent the future of computing. Phantom Dialer logs into Athena as Athena. He's obviously been there before and has set up an account. Which is interesting, because one of the reasons Athena is supposed to represent the future of computing is its advanced security protocols. Phantom Dialer pokes around Athena, then dials another 800 number. This one belongs, apparently, to a switching computer at a major telephone company. Janaka continued to read the logs, appalled. Once in the switching computer, the cracker dials a 206 number, that's Washington state. Janaka could hardly keep track of how many times the guy had skipped around the country. In Washington, the cracker reached something called Apocalypse Now. Another bulletin board. Hmm...swastikas on the screen..."AXiS WHQ"--what's that? Oh, Axis World Headquarters. Phantom Dialer skips to messages he left during an earlier visit to the bulletin board. These earlier postings consist of a list of account names and passwords for networks across the country. Portland State, of course. The AI lab at MIT. California State University at Fresno. The University of Minnesota. And whoa, check this out: Bolt Beranek and Newman, the high-tech firm that created the Internet and still played a major role in its operation. Phantomd was all over its computers, handing out access to his fellow marauders at Apocalypse Now. Here, Phantom Dialer was saying, use these accounts; take what you want. Come on in, the water's fine. The crackers talk to each other, Janaka thought, dismayed. If a burglar broke into a house, that was a problem. But ordinary thieves didn't copy the keys and mail them to their friends. On-line burglars, by contrast, broadcast passwords on bulletin boards, spraying them out across cyberspace in a fusillade of e-mail. 
Reading Phantom Dialer's list of Portland State passwords, Janaka felt like a bank manager who discovered that a thief not only had obtained the combination to the vault but had printed it in 12-foot letters on a billboard in Times Square. A few postings later was a message from one Crazy Joe about credit cards. "Well, I usually use cards from Hong Kong Bank or Bank of Canada...." Right after that, several Apocalypse Now members had given out credit card numbers, complete with the names, addresses and card limits of their owners. They had more cards, would exchange for access numbers. Janaka had known that people stole credit card numbers. And he'd understood that other people like to filch computer passwords. It had never occurred to him, though, that they would trade these things like baseball cards--that the same people would swap them around in a heady burble of illicit information. An angry Janaka wanted Phantomd out of his system. If Phantomd was this Matt Singer, as had been suggested earlier, then somebody should lean on the kid. Janaka began the process by deleting the bogus accounts and back doors from the Portland State system. He also got on the telephone. The first group of calls was to the sysadmins of the systems Phantomd had penetrated. The second group was to law-enforcement agencies: city police, state marshals, Secret Service, FBI. The last call was to Patrick Humphreys, the undergraduate who had told him about Matt Singer. It was the strangest thing Rose Singer had ever seen. Her sons--Matt was 3 and Steve was 5--were drawing on rocks and pretending they were computers. Crouched in the yard, they arranged their rock computers like dollhouse furniture. Even then, Steve was the leader in the game and Matt struggled to keep up. After that, their father always seemed to make sure the boys had a computer. Steve had friends, but to Matt, the computer was everything. 
The first one came when he was 6: a Radio Shack TRS MC-10, with a tiny screen that could not show lower-case letters. To Rose, it seemed useless, an ugly metal box that seemed to swallow the boys whole. They stared at it for hours while Steve typed in their programs. Matt didn't yet have the coordination to type in his own programs, but he was content to watch. His first machine with a modem was a Commodore VIC-20. It connected Matt to computer bulletin boards--to another world. On the bulletin boards nobody knew if you attended a special school or lived on relief or had a stepfather who was going mad in the bedroom next door. You were as good as anyone else. Better, if you could do more tricks with your computer. Learning those tricks took him a long time, of course. But he knew that if he tried for long enough he would eventually reach his goal. Sometimes it took a long time indeed--weeks, months, years. He learned to ignore the frailties of his own body, typing through the pains caused by his ineradicable hepatitis and the shortness of breath from asthma and the dimness of his bad eyes. By patient repetition, by trial and error, by persistently asking questions to other bulletin board users and enduring the often sarcastic replies, by mistyping his way through the commands for hours at a stretch, he gradually taught himself how to climb over the walls that separated one computer system from another. It wasn't so much that Matt lived in his room; it was that he lived in the computer there. Off-line, he had never had a friend; on-line, he was part of a digital community, frequently teased and sometimes respected. Off-line he was limited to his house. When he went outside, he couldn't go far without getting lost; the bright light hurt his eyes. On-line, he could explore freely, without worrying about the consequences; he was a Magellan of cyberspace. When Matt attacked Rose, it was because she had committed the ultimate affront: She yanked the plug on his computer. 
She was trying to make him go out into 3-D society--a place he had no desire to visit. But the police came, and Matt was committed. At Oregon State Hospital, Matt wasn't allowed near a computer, of course. But when he wasn't in solitary he slipped down the halls at night to a pay phone. Hunched over the receiver at the psychiatric unit, he broke into companies' computerized telephone systems, enabling him to call the voice-message exchanges created by phone hackers, or "phreakers," across the nation. The exchanges were his link to his real existence on-line. "Welcome to Phreaker Central," the opening message would say in the adenoidal rumble of an adolescent boy playing with his recently changed voice. "Eat shit and die, lamers." Listening to the growly tones, he sagged against the wall, dissolving in the sound of freedom. When he got out, computers were outlawed at the halfway house, too. But when the house provided him with a job at the local Veterans Administration, he couldn't help noticing it had a small computer center. On his second day at work, he was caught in front of a monitor. He was trying to use the computer to dial an outbound line. What did they expect him to do?...

PORTLAND WINTER 1992

In mid-January Special Agent E. Brent Rasmussen of the Portland branch office of the FBI was telephoned by a gentleman with an Indian name who claimed that someone was breaking into government computers--NASA, NIH, Los Alamos. I've called you guys on this now more than once before, the man said. And you didn't do anything, and now the problem's much worse. Rasmussen wasn't surprised by the man's charges. During his 20 years in the FBI, he had received hundreds of such calls. Although the tips came from honest taxpayers who sincerely believed in the value of their information, most of the reports concerned crimes that were not under FBI jurisdiction, or crimes that had not actually happened, or crimes that were not crimes even if they had happened. 
When the phone rang, agents picked up the receiver with the expectation, almost always borne out, of wasting time. Not being endowed with second sight, they sometimes guessed wrong. In any case, this time Rasmussen found the story disturbing enough to think of beginning an investigation. He approached Gary Gipson, who supervised white-collar crime for the Portland office. What do you think about going after a hacker? Rasmussen asked. Say what? Gipson asked. We got a hacker. He's apparently inside several government systems. What do I know about hackers? Gipson said. Call the U.S. attorney. This response was predictable; Gipson, who respected Rasmussen's experience, rarely interfered. The U.S. attorney was another matter. Opening an investigation without first determining whether the local U.S. attorney would prosecute the responsible party was like buying a car without first getting a driver's license. High caseloads, legal technicalities, policy decisions, fear of losing--prosecutors had many reasons for declining a case. Getting a refusal, most FBI agents simply moved on to the next investigation. When Rasmussen called the U.S. attorney's office in Portland, he was put through to Charles Stuckey, the assistant U.S. attorney who was on point that day. After Rasmussen ran through the basic details, Stuckey told Rasmussen that he needed a second opinion. A few minutes later he called back and said that they would give this one a pass. Rasmussen was not disposed to listen. In the 1980s, he had ignored the demurrals of local U.S. attorneys and initiated a five-year investigation in Alaska that led to 16 convictions against the most powerful political figures in the state. It was one of the biggest corruption cases in the annals of the Federal Bureau of Investigation. Given this track record, Rasmussen had no intention of letting himself be stopped by what he viewed as prosecutorial laziness. He told Stuckey that the case sounded worthwhile. 
Aren't these hackers mostly kids having fun? Stuckey asked. What damage did this do, exactly? What if he's a spy? asked Rasmussen. Stuckey thought this was amusing. A spy? Rasmussen waited. If you really want to discuss this, fine, but I don't think... I'll be right over, Rasmussen said. When Rasmussen told Gipson he was heading over to the U.S. attorney's office to twist some arms, Gipson said he'd tag along. Rasmussen was a good man, a real pro, but he could also be short on patience. Rasmussen and Gipson met in a conference room with assistant U.S. attorney Stuckey and another AUSA, Barry Sheldahl. Stuckey and Sheldahl took turns asking questions: Had the hacker stolen anything? Did he transfer any money to himself? Did he get hold of classified information? Did he do any permanent damage to a computer system? Did he threaten anyone? No, Rasmussen said. The salient points, to his mind, were: 1) the hacker had broken federal law; 2) he had entered systems that contained scientific research, government databases, and maybe military information; and 3) he was troubling people across the nation. Most important, by spending 12 hours a day on the machine, he acted like someone looking for something--maybe something to sell to enemies of the United States. The AUSAs held their ground. In the absence of tangible theft, the office couldn't spend time on the case. They had too many real criminals to prosecute. On the way back, Gipson offered to take the case all the way to the U.S. attorney, Charles Turner. But Gipson and Rasmussen both knew that Turner wasn't likely to countermand his AUSAs. Rasmussen went back to his desk to mull it all over. He hadn't been enthusiastic about taking on a hacker case--the crime was as incomprehensible as the technology used to commit it. Nor did he want to tell Portland State that, once again, the FBI would sit on its hands. Afterward, Gipson dropped a sheet of paper on Rasmussen's desk; a routine message from headquarters. 
One item, circled in pen, described the new National Computer Crime Squad, which was ready to support field offices dealing with hacker cases. The Justice Department had set up a computer-crime office, too. Thought you might find this interesting, was Gipson's comment.

JANUARY 1993

With all the evidence in, Scott Charney and Joshua Silverman, prosecutors with the U.S. Justice Department, looked at the Singer case--and blinked. This, they evidently decided, was not the case on which to stake future computer-crime policy. This was not the case to be cited by every hacker's defense attorney for the next 20 years. This was not the case to give to a jury. This was not even a case to plea-bargain with. Who knew what Singer would say when the judge faced him at the sentencing and asked him if he ever intended to break into computers again? Even if the judge let him walk with a suspended sentence, the kid would never stay out of trouble. Either way, he could easily end up having to serve time. He'd last all of 15 minutes behind bars, and then Charney or Silverman would have to explain to the Washington Post why he let a brain-damaged 20-year-old's life end tragically in prison. It didn't matter how anyone in the FBI felt about it. This one was going into the Twilight Zone. They'd take no action whatsoever. If the kid ever embarrassed them by doing something really serious, they could hold the prosecution over his head as a threat. Who could find fault with that? A few weeks after the interrogation, Matt moved back to his mother's house. Steve went to visit not long after the move. He went upstairs to his brother's room and saw Matt sitting at his desk, staring out the window. Steve stared at him for a moment. He saw a fence, and some shrubbery behind the fence, and some rocks at the base of the shrubbery. The rocks--they used to pretend rocks were computers. How's it going? Steve eventually asked his brother. Matt didn't move. Hey, Matt? You all right? 
Matt stared out for another few moments. Then he said, without moving his eyes, When are they going to give it back? Steve began to speak, but he stopped himself. He shrugged, patted Matt on the shoulder, and walked toward the door. Matt turned after him. They still have my computer, he said. When are they going to give it back?