<(cDc)> TWGSC: <209>/526-3194 <(cDc)> ------------------------------ BLINDMAN'S BLUFF, HACKER STYLE ------------------------------ From, Out of the Inner Circle, by Bill Landreth. THE SCENE: The control room in the computer center of one of the largest corporations in the world - an automobile manufacture wi'll call MegaCar International. THE TIME: 12:30 a.m. - the beggining of the graveyard shift. Al, a system operator, has just arrived for work. He signs in with the armed guard at the security console located between the main entrance to the building and the hallway that leads to the computer center. Halfway down the hall, he shows his ID badge to another guard, then passes in front of twin television cameras at the entrance to the computer center. Before entering the control room, he goes through another, identical, set of security procedures. There are good reasons for the tight security that surronds Al's workstation: He controls access to the computers that hold information worth billions of dollars to MegaCar International - and to MegaCar's competitors. Every night, the mainframes, minicomputers, and workstations of MegaCar's worldwide computer network process scores of secret details on next year's automobile designs, along with dozens of high-level, strategic electronic memos and thousands of scraps of financial and technical information. This control center is the "brain" of the worldwide network, where everything comes together. It is also where the most intense action takes place when things go wrong. Common problems are handled by specialized troubleshooting computers, or by system operators at local and reginal computer centers around the world. But if the troubleshooting computers break down, or the local system operators can't pinpoint the problem, or the network itself runs into trouble, then Al and his collegues must figure out what to do to keep the numbers crunching and the data flowing. Despite his title, Al is no typical "system operator." His actual duties would probably suggest the title of security officer or on-call handyman. In addition to keeping the printers full of paper, keeping track of the reels of magnetic tape, and helping users out with minor problems (as all system operators must do), Al is one of several highly trained support people who are on call twenty-four hours a day to resolve any potential hangups or security breaches in and among the many "nodes" of MegaCar's eletronic "filing cabinets." But whether or not your job includes watching for intruders, being a system operator on the graveyard shift means going through long periods of inactivity punctuated by brief periods of frenzied work. Al isn't anticipationg anything different tonight. Seated in front of a bank of computer terminals, a cup of coffee in one hand and a printout of the evening's computer activites in the other, he prepares for another uneventful round of crossword puzzles and solitaire, with perhpas some troubleshooting thrown in. Like some system operators, though, since he really likes computers and thinks of them both a hobby and a profession, tonight he is planning a special diverstion: COBOL, instead of cards. But on this particular night the routine is broken by some puzzling activity on a VAX superminicomputer at the corporation's top-secret research center. George, Al's collegue at the neighboring station, is browsing through the usage logs that record the activity of all the computers in MegaCar's far-flung network. As he does, he happens to notcie that the VAX is working hard - very hard. Even though the log shows only one person using the computer, the workload on the machine's central processor is high enough for ten or more users. It all starts with a few quiet words. "Al, I think something weird is happening on the net." "Which node?" Al replies, puttiong down his COBOL text and mentally preparing for a debugging job that might take thrity seconds, and then again might take all night, to clean up the problem. "4316. That's one of the R&D hosts in New York." "The New York VAX? What's wrong?" "I don't know. WHy don't you echo terminal 23 and see what you can make of it?" "Right." Al pulls his chair closer to his computer console, puts both hands on the keyboard, and rapidly taps out string of commands. Then he sits back and watches the central display monitor, as row after row of glowing green letters and numbers march across the screen. The central monitor is showing him everything that is happening on the VAX computer halfway across the country, in New York. After a few seconds, Al reaches for a telephone. "George, get me the name and home phone number of account STD123." Al's voice betrays his concern. HIs simple check of the activity on the VAX has made it obvious that something is wrong. The exact nature of the problem is not clear, but Al is certain that this is no run-of-the-mill software glitch. Either someone has been authorized to use excessive amounts of computer time every hour without letting the sytem operators know - or someone is doing something they shouldn't be doing with that computer. As soon as the account holder's name and phone number appear on his screen, Al makes the call. "Hello, Dr. Saunders? This is Al Frankston, the head system ooperator at the computer center. Sorry to disturb you at this hour, but we're reading some strange activity on the VAX. Are you using your account on that computer right now?" Like many other high-lvel personnel at the research center, Dr. Saunders has a computer terminal at home, so he can use the central computer via telephone link if he wants to have access to the day's research results or continue his own research. Al and George look at each other, as if to say, "Are you thinking what I'm thinking?" George listens to Al's phone conversation with interest as he continues to study the computer display still echoing the VAX's puzzling activity. "Thank you," Al replies, as Dr. Saunders confirms that he is, indeed, using the VAX. "OH, one more thing," he adds, "Would you tell me your social security number?...No, it isn't anything significant. It's just a little mix-up with our user account numbers. We'll have it straightened out by morning. Good night." Although he can see the same thing Al sees by looking at the display screen of his own console, George wheels his chair over to Al's station and watches with raised eyebrows as Al verifies the social security number he's been given. "It checks out," Al says, sounding puzzled. "You mean Dr. Saunders really is logged on now?" George asks, almost disapointed. "I was half hoping the account was being used by that hacker we almost caught last week." Al looks back at his screen. "No, I guess not...But there has to be a reason for that phantom time," he mubmles, scratching his chin. A loud voice suddenly breaks the quiet in the control room. "Hey Al!" a technician half shouts from the other side of the room. "There's a message for you coming over the laser printer. I think you better come and look at it." "Al and George exchange a quick glance, knowing looks creeping onto their faces. They leave their workstations and walk to a printer about the size of a washing machine. Pieces of paper are quietly dropping onto a large bin at the rate of about one sheet per second. George grabs one of the pages. There is a large headline at the top: "A note to the chief system operator on duty." Below that, in slightly smaller type, are the words "Please make sure the sysop reads this. Thank you." IN normal type, the message continues: "It should be noted that computer print-outs currently are not legal evidence in court." George starts to read the message aloud, his voice a mixture of annoyance, admiration, and puzzlement. "It is our opinion that you should be more careful about your sesign plans for the TRX project." HIs voice drops and grows more serious as he reads the next sentence. "One of us suggested that maybe we should sell the information to another car company." Now, Al starts reading over George's shoulder - and they both read ssilently. "Several of us don't think there is anything wrong with ripping off a company as big as yours. But some of us think that industrial espionage would break our unwritten hacker laws. We may vote on the subject in the near future. In any case, we would like to have one or more unlimited user accounts so that we do not have to go to the trouble of calling your ALF node by way of SYSNET12. We can't use 1200 baud through SYSNET12. Of course, if you decide to grant us a little assistance of this sort, it could be that we would all be more kindly disposed toward your institution when we vote on what to do with the TRX data." "What do you think?" aks George. Al is leafing through the now very large pile of paper in the output bin. "They're all the same. What's TRX?" George thinks momentarily. "I don't know. They must have made it up. It has to be a bluff." Seconds later, as if on cue, another printer starts shooting out more sheets of paper. Al looks grim when he sees what these latest mystery sheets have to say. "Well, maybe they're bluffing about selling the stuff, but I don't think they're bluffing about having it. These look suspiciously like design memos for next year's car!" Al studies the new sheets for a minute, then continues, tension rising in his voice. "We still don't know where those hackers are! All we know is, they're not using Dr. Saunder's account." Suddenly, a new through dawns on them, and they almost run in their hurry to get back to their workstations. Both sysops look at their screens. "They may have altered the monitor program on my terminal so I cna't find them or their account," Al mutters, souinding hopeful. "But if they did, they may not have changed the programs that run on our other terminals. I 'm going to break out of my version and use some of the other monitoring programs - see if there is anything different between mine and the other's log-on sequences or lists of account names." After several minutes of frantic typing, George walks over to Al's station. He looks at the screen, pondering something, then he walks back to his own station, glances at his own screen, and bursts out in suprise, "Someone new is logging onto the VAX. Turn your monitor program back on." Al stops checking and runs his monitoring program. "That 'someone' is using an old test account. I could have sworn we killed them all months ago," he says. George is watching the same display. "Funny, but I thought so, too. Either we let that one slip, or those hackers reactivated it. But it doesn't make any difference. No one's authorized to use that account now anyway, so..." "Right. So we have our hacker!" Al sounds proud of himself. He has been worried, but now the game is over. "Let's break in and let him know how we feel before we throw him off the system." "Oh, yeah," says George sarcastically. "And while you're at it, ask him how he got that valuable data." George holds up one finger, as if counting. "And then see what he plans on doing with it." He holds up a second finger. "And find out how..." Al inturrupts: "Okay, okay. So we still have a lot of work to do. Let's get started." They both go over to a single terminal and Al starts to type. He uses the monitoring program to trace the source of the intrusion, then gives the system a few commands that allow him to break in and communicate with the person using the unauthorized account. Then, he types: "OK. We know who you are and what you did. Either cooperate or we will press full charges." After a short pause, a rapidly typed reply apprears on the display screen: "Year, sure. I guess you guys are just too smart for me. Anyway, all humor aside, I was just sent to this account by my friends to get your reply to our offer. Have you decided to give us those unlimted accounts yet?" Al chuckles while he types: "Why should we? We can just have you arrested! Besides, it isn't our computer. We can't just decide to assign an unlimted account to somebody outside the corporation." The hacker types back: "Oh, so you'll just call up the police and say, 'There's this hacker on our system and we suspect he just may be somewhere in the 50 states. We can't be sure exactly where...?' It's never worked before, but what the hell - go ahead and try. It'll be fun. Meanwhile we'll play with this TRX stuff." George now pushes in front of Al and commandeers the keyboard, typing: "We have you traced. We know who you are and where you are. We just want to ask you a few questions." "About security, right?" the hacker types back. "Well, I'm sure you will have no more security problems if you help us out. You have fairly good security without our advice. Only the best could have done what we've done. And that's who we are: the best. So I guess you could say that your future security problems are pretty much up to us. There is another possibility, though." George, still at the keyboard, hesitates a moment, then types back: "And what's that?" "Well, we could post our information about your system on a few bulletin boards. Then a few hundred lesser talents would try to log on. I'll be a crasher would have fun with this VAX or that beautiful DEC-20 in Detroit. And there's always the possiblity that another large car company would let us use their system in exchange for the dat we have. You can never tell about these things." Al is not amused. He snaps a pencil in half whle thinking over a reply. Geroge is almost speechless. Arrogant little..." he is beginning to say, when Al finially types: "We'll have to think about this. You guys might just be half as smart as you think you are. By the way, how do we reach you? Can you give us your phone number?" "I'm glad the bad news hasn't ruined your sense of humor," replies the distant adversary. "Let's just say that we'll get in touch in our own way, in our own time. The way we always do. In the meantime, I guess it wouldn't hurt to give you a little tidbit for your trouble. Why don't you tell all your users that SECRET is a lousy choice for a password? I'll bet I've crakced a dozen systems with that one. Stay tuned and keep designing those sexy cars. Bye." Although, in actuality, hackers and most system operators tend to speak in a much less comprehensible language, and most hacking experiences tend to involve much less conspicuous companies, hackers did manage to find and look at secret sdesign specifications and test results. These particular hackers did not attempt, or ever intend, to sell or trade "MegaCar's" priceless files to a competitor...but someone else might not have been so "honorable." That's the point of this book, and if you are concerned about computer security, whether as a computer profession or as interested citizen, I hope you will benefit from what I learned as The Cracker, inside the Inner Circle.