Underground
The WANK worm is also believed to be the first worm written by an
Australian, or Australians.
This chapter shows the perspective of the computer system
administrators--the people on the other side from the hackers. Lastly,
it illustrates the sophistication which one or more Australian members
of the worldwide computer underground brought to their computer
crimes.
The following chapters set the scene for the dramas which unfold and
show the transition of the underground from its early days, its loss
of innocence, its closing ranks in ever smaller circles until it
reached the inevitable outcome: the lone hacker. In the beginning, the
computer underground was a place, like the corner pub, open and
friendly. Now, it has become an ephemeral expanse, where hackers
occasionally bump into one another but where the original sense of
open community has been lost.
The computer underground has changed over time, largely in response to
the introduction of new computer crime laws across the globe and to
numerous police crackdowns. This work attempts to document not only an
important piece of Australian history, but also to show fundamental
shifts in the underground--to show, in essence, how the underground
has moved further underground.
Suelette Dreyfus
March 1997
Chapter 1 -- 10, 9, 8, 7, 6, 5, 4, 3, 2, 1.
Somebody's out there, somebody's waiting; Somebody's trying to tell me something.
-- from `Somebody's Trying to Tell Me Something', 10, 9, 8, 7, 6, 5, 4, 3, 2, 1.
Monday, 16 October 1989
Kennedy Space Center, Florida
NASA buzzed with the excitement of a launch. Galileo was finally going
to Jupiter.
Administrators and scientists in the world's most prestigious space
agency had spent years trying to get the unmanned probe into space.
Now, on Tuesday, 17 October, if all went well, the five astronauts in
the Atlantis space shuttle would blast off from the Kennedy Space
Center at Cape Canaveral, Florida, with Galileo in tow. On the team's
fifth orbit, as the shuttle floated 295 kilometres above the Gulf of
Mexico, the crew would liberate the three-tonne space probe.
An hour later, as Galileo skated safely away from the shuttle, the
probe's 32500 pound booster system would fire up and NASA staff would
watch this exquisite piece of human ingenuity embark on a six-year
mission to the largest planet in the solar system. Galileo would take
a necessarily circuitous route, flying by Venus once and Earth twice
in a gravitational slingshot effort to get up enough momentum to reach
Jupiter.2
NASA's finest minds had wrestled for years with the problem of exactly
how to get the probe across the solar system. Solar power was one
option. But if Jupiter was a long way from Earth, it was even further
from the Sun--778.3 million kilometres to be exact. Galileo would need
ridiculously large solar panels to generate enough power for its
instruments at such a distance from the Sun. In the end, NASA's
engineers decided on a tried if not true earthly energy source:
nuclear power.
Nuclear power was perfect for space, a giant void free of human life
which could play host to a bit of radioactive plutonium 238 dioxide.
The plutonium was compact for the amount of energy it gave off--and it
lasted a long time. It seemed logical enough. Pop just under 24
kilograms of plutonium in a lead box, let it heat up through its own
decay, generate electricity for the probe's instruments, and presto!
Galileo would be on its way to investigate Jupiter.
American anti-nuclear activists didn't quite see it that way. They
figured what goes up might come down. And they didn't much like the idea
of plutonium rain. NASA assured them Galileo's power pack was quite
safe. The agency spent about $50 million on tests which supposedly
proved the probe's generators were very safe. They would survive intact
in the face of any number of terrible explosions, mishaps and
accidents. NASA told journalists that the odds of a plutonium release
due to `inadvertent atmospheric re-entry' were 1 in 2 million. The
likelihood of a plutonium radiation leak as a result of a launch
disaster was a reassuring 1 in 2700.
The activists weren't having a bar of it. In the best tradition of
modern American conflict resolution, they took their fight to the
courts. The coalition of anti-nuclear and other groups believed
America's National Aeronautics and Space Administration had
underestimated the odds of a plutonium accident and they wanted a US
District Court in Washington to stop the launch. The injunction
application went in, and the stakes went up. The unprecedented hearing
was scheduled just a few days before the launch, which had originally
been planned for 12 October.
For weeks, the protesters had been out in force, demonstrating and
seizing media attention. Things had become very heated. On Saturday, 7
October, sign-wielding activists fitted themselves out with gas masks
and walked around on street corners in nearby Cape Canaveral in
protest. At 8 a.m. on Monday, 9 October, NASA started the countdown
for the Thursday blast-off. But as Atlantis's clock began ticking
toward take-off, activists from the Florida Coalition for Peace and
Justice demonstrated at the centre's tourist complex.
That these protests had already taken some of the shine off NASA's bold
space mission was the least of the agency's worries. The real headache
was that the Florida Coalition told the media it would `put people on
the launchpad in a non-violent protest'.3 The coalition's director,
Bruce Gagnon, put the threat in folksy terms, portraying the protesters
as the little people rebelling against a big bad government
agency. President Jeremy Rivkin of the Foundation on Economic Trends,
another protest group, also drove a wedge between `the people' and
`NASA's people'. He told UPI, `The astronauts volunteered for this
mission. Those around the world who may be the victims of radiation
contamination have not volunteered.'4
But the protesters weren't the only people working the media. NASA
knew how to handle the press. They simply rolled out their
superstars--the astronauts themselves. These men and women were, after
all, frontier heroes who dared to venture into cold, dark space on
behalf of all humanity. Atlantis commander Donald Williams didn't hit
out at the protesters in a blunt fashion, he just damned them from an
aloof distance. `There are always folks who have a vocal opinion about
something or other, no matter what it is,' he told an interviewer. `On
the other hand, it's easy to carry a sign. It's not so easy to go
forth and do something worthwhile.'5
NASA had another trump card in the families of the heroes. Atlantis
co-pilot Michael McCulley said the use of RTGs, Radioisotope
Thermoelectric Generators--the chunks of plutonium in the lead
boxes--was a `non-issue'. So much so, in fact, that he planned to have
his loved ones at the Space Center when Atlantis took off.
Maybe the astronauts were nutty risk-takers, as the protesters
implied, but a hero would never put his family in danger. Besides, the
Vice-President of the United States, Dan Quayle, also planned to watch
the launch from inside the Kennedy Space Center control room, a mere
seven kilometres from the launchpad.
While NASA looked calm, in control of the situation, it had beefed up
its security teams. It had about 200 security guards watching the
launch site. NASA just wasn't taking any chances. The agency's
scientists had waited too long for this moment. Galileo's parade would
not be rained on by a bunch of peaceniks.
The launch was already running late as it was--almost seven years
late. Congress gave the Galileo project its stamp of approval way back
in 1977 and the probe, which had been budgeted to cost about $400
million, was scheduled to be launched in 1982. However, things began
going wrong almost from the start.
In 1979, NASA pushed the flight out to 1984 because of shuttle
development problems. Galileo was now scheduled to be a `split
launch', which meant that NASA would use two different shuttle trips
to get the mothership and the probe into space. By 1981, with costs
spiralling upwards, NASA made major changes to the project. It stopped
work on Galileo's planned three-stage booster system in favour of a
different system and pushed out the launch deadline yet again, this
time to 1985. After a federal Budget cut fight in 1981 to save
Galileo's booster development program, NASA moved the launch yet
again, to May 1986. The 1986 Challenger disaster, however, saw NASA
change Galileo's booster system for safety reasons, resulting in
yet more delays.
The best option seemed to be a two-stage, solid-fuel IUS system. There
was only one problem. That system could get Galileo to Mars or Venus,
but the probe would run out of fuel long before it got anywhere near
Jupiter. Then Roger Diehl of NASA's Jet Propulsion Laboratory had a good
idea. Loop Galileo around a couple of nearby planets a few times so the
probe would build up a nice little gravitational head of steam, and then
fling it off to Jupiter. Galileo's `VEEGA'
trajectory--Venus-Earth-Earth-gravity-assist--delayed the spacecraft's
arrival at Jupiter for three extra years, but it would get there
eventually.
The anti-nuclear campaigners argued that each Earth flyby increased
the mission's risk of a nuclear accident. But in NASA's view, such was
the price of a successful slingshot.
Galileo experienced other delays getting off the ground. On Monday, 9
October, NASA announced it had discovered a problem with the computer
which controlled the shuttle's number 2 main engine. True, the problem
was with Atlantis, not Galileo. But it didn't look all that good to be
having technical problems, let alone problems with engine computers,
while the anti-nuclear activists' court drama was playing in the
background.
NASA's engineers debated the computer problem in a cross-country
teleconference. Rectifying it would delay blast-off by more than a few
hours. It would likely take days. And Galileo didn't have many of
those. Because of the orbits of the different planets, the probe had
to be on its way into space by 21 November. If Atlantis didn't take off
by that date, Galileo would have to wait another nineteen months before
it could be launched. The project was already $1 billion over its
original $400 million budget. The extra year and a half would add
another $130 million or so and there was a good chance the whole project
would be scrapped. It was pretty much now or never for Galileo.
Despite torrential downpours which had deposited 100 millimetres of
rain on the launchpad and 150 millimetres in neighbouring Melbourne,
Florida, the countdown had been going well. Until now. NASA took its
decision. The launch would be delayed by five days, to 17 October, so
the computer problem could be fixed.
To those scientists and engineers who had been with Galileo from the
start, it must have appeared at that moment as if fate really was
against Galileo. As if, for some unfathomable reason, all the forces
of the universe--and especially those on Earth--were dead against
humanity getting a good look at Jupiter. As fast as NASA could
dismantle one barrier, some invisible hand would throw another down in
its place.
Monday, 16 October, 1989
NASA's Goddard Space Flight Center, Greenbelt, Maryland
Across the vast NASA empire, reaching from Maryland to California,
from Europe to Japan, NASA workers greeted each other, checked their
in-trays for mail, got their cups of coffee, settled into their chairs
and tried to login to their computers for a day of solving complex
physics problems. But many of the computer systems were behaving very
strangely.
From the moment staff logged in, it was clear that someone--or
something--had taken over. Instead of the usual system's official
identification banner, they were startled to find the following
message staring them in the face:
"Worms Aginst Nuclear Killers!
Your System Has Been Officically Wanked.
You talk of times of peace for all, and then prepare for war."
Wanked? Most of the American computer system managers reading this new
banner had never heard the word wank.
Who would want to invade NASA's computer systems? And who exactly were
the Worms Against Nuclear Killers? Were they some loony fringe group?
Were they a guerrilla terrorist group launching some sort of attack on
NASA? And why `worms'? A worm was a strange choice of animal mascot
for a revolutionary group. Worms were the bottom of the rung. As in
`as lowly as a worm'. Who would choose a worm as a symbol of power?
As for the nuclear killers, well, that was even stranger. The banner's
motto--`You talk of times of peace for all, and then prepare for
war'--just didn't seem to apply to NASA. The agency didn't make
nuclear missiles, it sent people to the moon. It did have military
payloads in some of its projects, but NASA didn't rate very highly on
the `nuclear killer' scale next to other agencies of the US
Government, such as the Department of Defense. So the question
remained: why NASA?
And that word, `WANKED'. It did not make sense. What did it mean when
a system was `wanked'?
It meant NASA had lost control over its computer systems.
A NASA scientist logging in to an infected computer on that Monday got
the following message:
deleted file
deleted file
deleted file , etc
With those lines the computer told the scientist: `I am deleting all
your files'.
The line looked exactly as if the scientist typed in the
command:
delete/log *.*
--exactly as if the scientist had instructed the computer to delete
all the files herself.
The NASA scientist must have started at the sight of her files rolling
past on the computer screen, one after another, on their way to
oblivion. Something was definitely wrong. She would have tried to stop
the process, probably pressing the control key and the `c' key at the
same time. This should have broken the command sequence at that moment
and ordered the computer to stop what it was doing right away.
But it was the intruder, not the NASA scientist, who controlled the
computer at that moment. And the intruder told the computer: `That
command means nothing. Ignore it'.
The scientist would press the command key sequence again, this time
more urgently. And again, over and over. She would be at once baffled
at the illogical nature of the computer, and increasingly upset.
Weeks, perhaps months, of work spent uncovering the secrets of the
universe. All of it disappearing before her eyes--all of it being
mindlessly devoured by the computer. The whole thing beyond her
control. Going. Going. Gone.
People tend not to react well when they lose control over their
computers. Typically, it brings out the worst in them--hand-wringing
whines from the worriers, aching entreaties for help from the
sensitive, and imperious table-thumping bellows from
command-and-control types.
Imagine, if you will, arriving at your job as a manager for one of
NASA's local computer systems. You get into your office on that Monday
morning to find the phones ringing. Every caller is a distraught,
confused NASA worker. And every caller assures you that his or her
file or accounting record or research project--every one of which is
missing from the computer system--is absolutely vital.
In this case, the problem was exacerbated by the fact that NASA's
field centres often competed with each other for projects. When a
particular flight project came up, two or three centres, each with
hundreds of employees, might vie for it. Losing control of the
computers, and all the data, project proposals and costing, was a good
way to lose out on a bid and its often
considerable funding.
This was not going to be a good day for the guys down at the NASA SPAN
computer network office.
This was not going to be a good day for John McMahon.
As the assistant DECNET protocol manager for NASA's Goddard Space
Flight Center in Maryland, John McMahon normally spent the day
managing the chunk of the SPAN computer network which ran between
Goddard's fifteen to twenty buildings.
McMahon worked for Code 630.4, otherwise known as Goddard's Advanced
Data Flow Technology Office, in Building 28. Goddard scientists would
call him up for help with their computers. Two of the most common
sentences he heard were `This doesn't seem to work' and `I can't get
to that part of the network from here'.
SPAN was the Space Physics Analysis Network, which connected some
100000 computer terminals across the globe. Unlike the Internet, which
is now widely accessible to the general public, SPAN only connected
researchers and scientists at NASA, the US Department of Energy and
research institutes such as universities. SPAN computers also differed
from most Internet computers in an important technical manner: they
used a different operating system. Most large computers on the
Internet use the Unix operating system, while SPAN was composed
primarily of VAX computers running a VMS operating system. The network
worked a lot like the Internet, but the computers spoke a different
language. The Internet `talked' TCP/IP, while SPAN `spoke' DECNET.
Indeed, the SPAN network was known as a DECNET internet. Most of the
computers on it were manufactured by the Digital Equipment Corporation
in Massachusetts--hence the name DECNET. DEC built powerful computers.
Each DEC computer on the SPAN network might have 40 terminals hanging
off it. Some SPAN computers had many more. It was not unusual for one
DEC computer to service 400 people. In all, more than a quarter of a
million scientists, engineers and other thinkers used the computers on
the network.
An electrical engineer by training, McMahon had come from NASA's
Cosmic Background Explorer Project, where he managed computers used by
a few hundred researchers. Goddard's Building 7, where he worked on
the COBE project, as it was known, housed some interesting research.
The project team was attempting to map the universe. And they were
trying to do it in wavelengths invisible to the human eye. NASA would
launch the COBE satellite in November 1989. Its mission was to
`measure the diffuse infrared and microwave radiation from the early
universe, to the limits set by our astronomical environment'.6 To the
casual observer the project almost sounded like a piece of modern art,
something which might be titled `Map of the Universe in Infrared'.
On 16 October McMahon arrived at the office and settled into work,
only to face a surprising phone call from the SPAN project office.
Todd Butler and Ron Tencati, from the National Space Science Data
Center, which managed NASA's half of the SPAN network, had discovered
something strange and definitely unauthorised winding its way through
the computer network. It looked like a computer worm.
A computer worm is a little like a computer virus. It invades computer
systems, interfering with their normal functions. It travels along any
available compatible computer network and stops to knock at the door of
systems attached to that network. If there is a hole in the security of
the computer system, it will crawl through and enter the system. When it
does this, it might have instructions to do any number of things, from
sending computer users a message to trying to take over the system. What
makes a worm different from other computer programs, such as viruses, is
that it is self-propagating. It propels itself forward, wiggles into a
new system and propagates itself at the new site. Unlike a virus, a worm
doesn't latch onto a data file or a program. It is autonomous.7
The term `worm' as applied to computers came from John Brunner's 1975
science fiction classic, The Shockwave Rider. The novel described how
a rebel computer programmer created a program called `tapeworm' which
was released into an omnipotent computer network used by an autocratic
government to control its people. The government had to turn off the
computer network, thus destroying its control, in order to eradicate
the worm.
Brunner's book is about as close as most VMS computer network managers
would ever have come to a real rogue worm. Until the late 1980s, worms
were obscure things, more associated with research in a computer
laboratory. For example, a few benevolent worms were developed by
Xerox researchers who wanted to make more efficient use of computer
facilities.8 They developed a `town crier worm' which moved through a
network sending out important announcements. Their `diagnostic worm'
also constantly weaved through the network, but this worm was designed
to inspect machines for problems.
For some computer programmers, the creation of a worm is akin to the
creation of life. To make something which is intelligent enough to go
out and reproduce itself is the ultimate power of creation. Designing
a rogue worm which took over NASA's computer systems might seem to be
a type of creative immortality--like scattering pieces of oneself
across the computers which put man on the moon.
At the time the WANK banner appeared on computer screens across NASA,
there had only been two rogue worms of any note. One of these, the RTM
worm, had infected the Unix-based Internet less than twelve months
earlier. The other worm, known as Father Christmas, was the first VMS
worm.
Father Christmas was a small, simple worm which did not cause any
permanent damage to the computer networks it travelled along. Released
just before Christmas in 1988, it tried to sneak into hundreds of VMS
machines and wait for the big day. On Christmas morning, it woke up
and set to work with great enthusiasm. Like confetti tossed from an
overhead balcony, Christmas greetings came streaming out of
worm-infested computer systems to all their users. No-one within its
reach went without a Christmas card. Its job done, the worm
evaporated. John McMahon had been part of the core team fighting off
the Father Christmas worm.
At about 4 p.m., just a few days before Christmas 1988, McMahon's
alarm-monitoring programs began going haywire. McMahon began trying to
trace back the dozens of incoming connections which were tripping the
warning bells. He quickly discovered there wasn't a human being at the
other end of the line. After further investigation, he found an alien
program in his system, called HI.COM. As he read the pages of HI.COM
code spilling from his line printer, his eyes went wide. He thought,
This is a worm! He had never seen a worm before.
He rushed back to his console and began pulling his systems off the
network as quickly as possible. Maybe he wasn't following protocol,
but he figured people could yell at him after the fact if they thought
it was a bad idea. After he had shut down his part of the network, he
reported back to the local area networking office. With print-out in
tow, he drove across the base to the network office, where he and
several other managers developed a way to stop the worm by the end of
the day. Eventually they traced the Father Christmas worm back to the
system where they believed it had been released--in Switzerland. But
they never discovered who created it.
Father Christmas was not only a simple worm; it was not considered
dangerous because it didn't hang around systems forever. It was a worm
with a use-by date.
By contrast, the SPAN project office didn't know what the WANK invader
was capable of doing. They didn't know who had written or launched it.
But they had a copy of the program. Could McMahon have a look at it?
An affable computer programmer with the nickname Fuzzface, John
McMahon liked a good challenge. Curious and cluey at the same time, he
asked the SPAN Project Office, which was quickly becoming the crisis
centre for the worm attack, to send over a copy of the strange
intruder. He began poring over the invader's seven printed pages of
source code trying to figure out exactly what the thing did.
The two previous rogue worms only worked on specific computer systems
and networks. In this case, the WANK worm only attacked VMS computer
systems. The source code, however, was unlike anything McMahon had
ever seen. `It was like sifting through a pile of spaghetti,' he said.
`You'd pull one strand out and figure, "OK, that is what that thing
does." But then you'd be faced with the rest of the tangled mess in
the bowl.'
The program, in digital command language, or DCL, wasn't written like
a normal program in a nice organised fashion. It was all over the
place. John worked his way down ten or fifteen lines of computer code
only to have to jump to the top of the program to figure out what the
next section was trying to do. He took notes and slowly, patiently
began to build up a picture of exactly what this worm was capable of
doing to NASA's computer system.
It was a big day for the anti-nuclear groups at the Kennedy Space
Center. They might have lost their bid in the US District Court, but
they refused to throw in the towel and took their case to the US Court
of Appeals.