Underground: Tales of Hacking, Madness and Obsession from the Electronic Frontier (55 page)

Sometimes it boiled over.

[ ]

Anthrax considered the possibilities of who else would be using his login patch. It could be another hacker, perhaps someone who was running another sniffer that logged Anthrax’s previous login. But it was more likely to be a security admin. Meaning he had been found out.

Meaning that he might be being traced even as he leap-frogged through System X to the telecommunications company’s computer.

Anthrax made his way to the system admin’s mailboxes. If the game was up, chances were something in the mailbox would give it away.

There it was. The evidence. They were onto him all right, and they hadn’t wasted any time. The admins had mailed CERT, the Computer Emergency Response Team at Carnegie Mellon University, reporting a security breach. CERT, the nemesis of every Internet hacker, was bound to complicate matters. Law enforcement would no doubt be called in now.

It was time to get out of this system, but not before leaving in a blaze of glory. A prank left as a small present.

CERT had written back to the admins acknowledging the incident and providing a case number. Posing as one of the admins, Anthrax drafted a letter to CERT. To make the thing look official, he added the case number ‘for reference’. The letter went something like this:

‘In regard to incident no. XXXXX, reported on this date, we have since carried out some additional investigations on the matter. We have discovered the security incident was caused by a disgruntled employee who was fired for alcoholism and decided to retaliate against the company in this manner.

‘We have long had a problem with alcohol and drug abuse due to the stressful nature of the company environment. No further investigation is necessary.’

At his computer terminal, Anthrax smiled. How embarrassing was that going to be? Try scraping that mud off. He felt very pleased with himself.

Anthrax then tidied up his things in the company’s computer, deleted the sniffer and moved out.

Things began to move quickly after that. He logged into System X later to check the sniffer records, only to find that someone had used his login patch password on that system as well. He became very nervous.

It was one thing goofing around with a commercial site, and quite another being tracked from a military computer.

A new process had been added to System X, which Anthrax recognised. It was called ‘-u’. He didn’t know what it did, but he had seen it before on military systems. About 24 hours after it appeared, he found himself locked out of the system. He had tried killing off the -u process before. It disappeared for a split-second and reappeared. Once it was in place, there was no way to destroy it.

Anthrax also unearthed some alarming email. The admin at a site upstream from both System X and the company’s system had been sent a warning letter: ‘We think there has been a security incident at your site’. The circle was closing in on him. It was definitely time to get the hell out. He packed up his things in a hurry. Killed off the remaining sniffer. Moved his files. Removed the login patch. And departed with considerable alacrity.

After he cut his connection, Anthrax sat wondering about the admins.

If they knew he was into their systems, why did they leave the sniffers up and running? He could understand leaving the login patch.

Maybe they wanted to track his movements, determine his motives, or trace his connection. Killing the patch would have simply locked him out of the only door the admins could watch. They wouldn’t know if he had other backdoors into their system. But the sniffer? It didn’t make any sense.

It was possible that they simply hadn’t seen the sniffer. Leaving it there had been an oversight. But it was almost too glaring an error to be a real possibility. If it was an error, it implied the admins weren’t actually monitoring the connections in and out of their systems. If they had been watching the connections, they would probably have seen the sniffer. But if they weren’t monitoring the connections, how on earth did they find out his special password for the login patch? Like all passwords on the system, that one was encrypted. There were only two ways to get that password. Monitor the connection and sniff it, or break the encryption with a brute-force attack.

Breaking the encryption would probably have taken millions of dollars of computer time. He could pretty well rule that option out. That left sniffing it, which would have alerted them to his own sniffer. Surely they wouldn’t have left his sniffer running on purpose. They must have known he would learn they were watching him through his sniffer. The whole thing was bizarre.

Anthrax thought about the admins who were chasing him. Thought about their moves, their strategies. Wondered why. It was one of the unsolved mysteries a hacker often faced--an unpleasant side of hacking. Missing the answers to certain questions, the satisfaction of a certain curiosity. Never being able to look over the fence at the other side.

_________________________________________________________________

Harrisburg Oh Harrisburg

The plant is melting down

The people out in Harrisbug

Are getting out of town

And when this stuff gets in

You cannot get it out

-- from ‘Harrisburg’, on Red Sails in the Sunset by Midnight Oil Anthrax thought he would never get caught. But in some strange way, he also wanted to get caught. When he thought about being busted, he found himself filled with a strange emotion--impatience. Bring on the impending doom and be done with it. Or perhaps it was frustration at how inept his opponents seemed to be. They kept losing his trail and he was impatient with their incompetence. It was more fun outwitting a worthy opponent.

Perhaps he didn’t really want to be caught so much as tracked. Anthrax liked the idea of the police tracking him, of the system administrators pursuing him. He liked to follow the trail of their investigations through other people’s mail. He especially liked being on-line, watching them trying to figure out where he was coming from.

He would cleverly take control of their computers in ways they couldn’t see. He watched every character they typed, every spelling error, every mistyped command, each twist and turn taken in the vain hope of catching him.

He hadn’t been caught back in early 1991, when it seemed everyone was after him. In fact Anthrax nearly gave up hacking and phreaking completely in that year after what he later called ‘The Fear of God’

speech.

Late at night, on a university computer system, he bumped into another hacker. It wasn’t an entirely uncommon experience. Once in a while, hackers recognised another of their kind. Strange connections to strange places in the middle of the night. Inconsistencies in process names and sizes. The clues were visible for those who knew how to find them.

The two hackers danced around each other, trying to determine who the other was without giving away too much information. Finally the mystery hacker asked Anthrax, ‘Are you a disease which affects sheep?’

Anthrax typed the simple answer back. ‘Yes.’

The other hacker revealed himself as Prime Suspect, one of the International Subversives. Anthrax recognised the name. He had seen Prime Suspect around on the BBSes, had read his postings. Before Anthrax could get started on a friendly chat, the IS hacker jumped in with an urgent warning.

He had unearthed emails showing the Feds were closing in on Anthrax.

The mail, obtained from system admins at Miden Pacific, described the systems Anthrax had been visiting. It showed the phone connections he had been using to get to them, some of which Telecom had traced back to his phone. One of the admins had written, ‘We’re on to him. I feel really bad. He’s seventeen years old and they are going to bust him and ruin his life.’ Anthrax felt a cold chill run down his spine.

Prime Suspect continued with the story. When he first came across the email, he thought it referred to himself. The two hackers were the same age and had evidently been breaking into the same systems. Prime Suspect had freaked out over the mail. He took it back to the other two IS hackers, and they talked it through. Most of the description fitted, but a few of the details didn’t seem to make sense. Prime Suspect wasn’t calling from a country exchange. The more they worked it through, the clearer it became that the email must have been referring to someone else. They ran through the list of other options and Anthrax’s name came up as a possibility. The IS hackers had all seen him around a few systems and BBSes. Trax had even spoken to him once on a conference call with another phreaker. They pieced together what they knew of him and the picture fitted. The AFP were onto Anthrax and they seemed to know a lot about him. They had traced his telephone connection back to his house. They knew his age, which implied they knew his name. The phone bills were in his parents’

names, so there may have been some personal surveillance of him. The Feds were so close they were all but treading on his heels. The IS

hackers had been keeping an eye out for him, to warn him, but this was the first time they had found him.

Anthrax thanked Prime Suspect and got out of the system. He sat frozen in the night stillness. It was one thing to contemplate getting caught, to carry mixed emotions on the hypothetical situation. It was another to have the real prospect staring you in the face. In the morning, he gathered up all his hacking papers, notes, manuals--everything. Three trunks’ worth of material. He carried it all to the back garden, lit a bonfire and watched it burn. He vowed to give up hacking forever.

And he did give it up, for a time. But a few months later he somehow found himself back in front of his computer screen, with his modem purring. It was so tempting, so hard to let go. The police had never shown up. Months had come and gone, still nothing. Prime Suspect must have been wrong. Perhaps the AFP were after another hacker entirely.

Then, in October 1991, the AFP busted Prime Suspect, Mendax and Trax.

But Anthrax continued to hack, mostly on his own as usual, for another two years. He reminded himself that the IS hackers worked in a team.

If the police hadn’t nailed him when they busted the others, surely they would never find him now. Further, he had become more skilled as a hacker, better at covering his tracks, less likely to draw attention to himself. He had other rationalisations too. The town where he lived was so far away, the police would never bother travelling all the way into the bush. The elusive Anthrax would remain at large forever, the unvanquished Ned Kelly of the computer underground.

[ ]

Mundane matters were on Anthrax’s mind on the morning of 14 July 1994.

The removalists were due to arrive to take things from the half-empty apartment he had shared with another student. His room-mate had already departed and the place was a clutter of boxes stuffed with clothes, tapes and books.

Anthrax sat in bed half-asleep, half-watching the ‘Today’ show when he heard the sound of a large vehicle pulling up outside. He looked out the window expecting to see the removalists. What he saw instead was at least four men in casual clothes running toward the house.

They were a little too enthusiastic for removalists and they split up before getting to the door, with two men forking off toward opposite sides of the building. One headed for the car port. Another dove around the other side of the building. A third banged on the front door. Anthrax shook himself awake.

The short, stocky guy at the front door was a worry. He had puffy, longish hair and was wearing a sweatshirt and acid-wash jeans so tight you could count the change in his back pocket. Bad ideas raced through Anthrax’s head. It looked like a home invasion. Thugs were going to break into his home, tie him up and terrorise him before stealing all his valuables.

‘Open up. Open up,’ the stocky one shouted, flashing a police badge.

Stunned, and still uncomprehending, Anthrax opened the door. ‘Do you know who WE are?’ the stocky one asked him.

Anthrax looked confused. No. Not sure.

‘The Australian Federal Police.’ The cop proceeded to read out the search warrant.

What happened from this point forward is a matter of some debate. What is fact is that the events of the raid and what followed formed the basis of a formal complaint by Anthrax to the Office of the Ombudsman and an internal investigation within the AFP.

The following is simply Anthrax’s account of how it happened.

The stocky one barked at Anthrax, ‘Where’s your computer?’

‘What computer?’ Anthrax looked blankly at the officer. He didn’t have a computer at his apartment. He used the uni’s machines or friend’s computers.

‘Your computer. Where is it? Which one of your friends has it?’

‘No-one has it. I don’t own one.’

‘Well, when you decide to tell us where it is, you let us know.’

Yeah. Right. If Anthrax did have a hidden computer at uni, revealing its location wasn’t top of the must-do list.

The police pawed through his personal letters, quizzed Anthrax about them. Who wrote this letter? Is he in the computer underground? What’s his address?

Anthrax said ‘no comment’ more times than he could count. He saw a few police moving into his bedroom and decided it was time to watch them closely, make sure nothing was planted. He stood up to follow them in and observe the search when one of the cops stopped him. Anthrax told them he wanted a lawyer. One of the police looked on with disapproval.

‘You must be guilty,’ he told Anthrax. ‘Only guilty people ask for lawyers. And here I was feeling sorry for you.’

Then one of the other officers dropped the bomb. ‘You know,’ he began casually, ‘we’re also raiding your parents’ house ...’

Anthrax freaked out. His mum would be hysterical. He asked to call his mother on his mobile, the only phone then working in the apartment.

The police refused to let him touch his mobile. Then he asked to call her from the pay phone across the street. The police refused again.

One of the officers, a tall, lanky cop, recognised a leverage point if ever he saw one. He spread the guilt on thick.