By McMahon's estimate, the WANK worm had incurred up to half a million dollars in costs. Most of these were through people wasting time and resources chasing the worm instead of doing their normal jobs. The worm was, in his view, a crime of theft. `People's time and resources had been wasted,' he said. `The theft was not the result of the accident. This was someone who deliberately went out to make a mess.

`In general, I support prosecuting people who think breaking into machines is fun. People like that don't seem to understand what kind of side effects that kind of fooling around has. They think that breaking into a machine and not touching anything doesn't do anything. That is not true. You end up wasting people's time. People are dragged into the office at strange hours. Reports have to be written. A lot of yelling and screaming occurs. You have to deal with law enforcement. These are all side effects of someone going for a joy ride in someone else's system, even if they don't do any damage. Someone has to pay the price.'

McMahon never found out who created the WANK worm. Nor did he ever discover what he intended to prove by releasing it. The creator's motives were never clear and, if it had been politically inspired, no-one took credit.

The WANK worm left a number of unanswered questions in its wake, a number of loose ends which still puzzle John McMahon. Was the hacker behind the worm really protesting against NASA's launch of the plutonium-powered Galileo space probe? Did the use of the word `WANK'—a most un-American word—mean the hacker wasn't American? Why had the creator recreated the worm and released it a second time? Why had no-one, no political or other group, claimed responsibility for the WANK worm?

One of the many details which remained an enigma was contained in the version of the worm used in the second attack. The worm's creator had replaced the original process name, NETW_, with a new one, presumably to thwart the anti-WANK program. McMahon figured the original process name stood for `netwank'—a reasonable guess at the hacker's intended meaning. The new process name, however, left everyone on the SPAN team scratching their heads: it didn't seem to stand for anything. The letters formed an unlikely set of initials for someone's name. No-one recognised it as an acronym for a saying or an organisation. And it certainly wasn't a proper word in the English language. It was a complete mystery why the creator of the WANK worm, the hacker who launched an invasion into hundreds of NASA and DOE computers, should choose this weird word.

The word was `OILZ'.

Chapter 2 — The Corner Pub.

You talk of times of peace for all; and then prepare for war.

— from `Blossom of Blood', Species Deceases.

It is not surprising the SPAN security team would miss the mark. It is not surprising, for example, that these officials should to this day be pronouncing the `Oilz' version of the WANK worm as `oil zee'. It is also not surprising that they hypothesised the worm's creator chose the word `Oilz' because the modifications made to the last version made it slippery, perhaps even oily.

Likely as not, only an Australian would see the worm's link to the lyrics of Midnight Oil.

This was the world's first worm with a political message, and the second major worm in the history of the worldwide computer networks. It was also the trigger for the creation of FIRST, the Forum of Incident Response and Security Teams.2 FIRST was an international security alliance allowing governments, universities and commercial organisations to share information about computer network security incidents. Yet, NASA and the US Department of Energy were half a world away from finding the creator of the WANK worm. Even as investigators sniffed around electronic trails leading to France, it appears the perpetrator was hiding behind his computer and modem in Australia.

Geographically, Australia is a long way from anywhere. To Americans, it conjures up images of fuzzy marsupials, not computer hackers. American computer security officials, like those at NASA and the US Department of Energy, had other barriers as well. They function in a world of concretes, of appointments made and kept, of real names, business cards and official titles. The computer underground, by contrast, is a veiled world populated by characters slipping in and out of the half-darkness. It is not a place where people use their real names. It is not a place where people give out real personal details.

It is, in fact, not so much a place as a space. It is ephemeral, intangible—a foggy labyrinth of unmapped, winding streets through which one occasionally ascertains the contours of a fellow traveller.

When Ron Tencati, the manager in charge of NASA SPAN security, realised that NASA's computers were being attacked by an intruder, he rang the FBI. The US Federal Bureau of Investigation's Computer Crime Unit fired off a stream of questions. How many computers had been attacked? Where were they? Who was behind the attack? The FBI told Tencati, `keep us informed of the situation'. Like the CIAC team in the Department of Energy, it appears the FBI didn't have much knowledge of VMS, the primary computer operating system used in SPAN.

But the FBI knew enough to realise the worm attack was potentially very serious. The winding electronic trail pointed vaguely to a foreign computer system and, before long, the US Secret Service was involved. Then the French secret service, the Direction de la Surveillance du Territoire, or DST, jumped into the fray.

DST and the FBI began working together on the case. A casual observer with the benefit of hindsight might see different motivations driving the two government agencies. The FBI wanted to catch the perpetrator. The DST wanted to make it clear that the infamous WANK worm attack on the world's most prestigious space agency did not originate in France.

In the best tradition of cloak-and-dagger government agencies, the FBI and DST people established two communication channels—an official channel and an unofficial one. The official channel involved embassies, attachés, formal communiques and interminable delays in getting answers to the simplest questions. The unofficial channel involved a few phone calls and some fast answers.

Ron Tencati had a colleague named Chris on the SPAN network in France, which was the largest user of SPAN in Europe. Chris was involved in more than just science computer networks. He had certain contacts in the French government and seemed to be involved in their computer networks. So, when the FBI needed technical information for its investigation—the kind of information likely to be sanitised by some embassy bureaucrat—one of its agents rang up Ron Tencati. `Ron, ask your friend this,' the FBI would say. And Ron would.

`Chris, the FBI wants to know this,' Tencati would tell his colleague on SPAN France. Then Chris would get the necessary information. He would call Tencati back, saying, `Ron, here is the answer. Now, the DST wants to know that'. And off Ron would go in search of information requested by the DST.

The investigation proceeded in this way, with each helping the other through backdoor channels. But the Americans' investigation was headed toward the inescapable conclusion that the attack on NASA had originated from a French computer. The worm may have simply travelled through the French computer from yet another system, but the French machine appeared to be the sole point of infection for NASA.

The French did not like this outcome. Not one bit. There was no way that the worm had come from France. Ce n'est pas vrai.

Word came back from the French that they were sure the worm had come from the US. Why else would it have been programmed to mail details of all computer accounts it penetrated around the world back to a US machine, the computer known as GEMPAK? Because the author of the worm was an American, of course! Therefore it is not our problem, the French told the Americans. It is your problem.

Most computer security experts know it is standard practice among hackers to create the most tangled trail possible between the hacker and the hacked. It makes it very difficult for people like the FBI to trace who did it. So it would be difficult to draw definite conclusions about the nationality of the hacker from the location of a hacker's information drop-off point—a location the hacker no doubt figured would be investigated by the authorities almost immediately after the worm's release.

Tencati had established the French connection from some computer logs showing NASA under attack very early on Monday, 16 October. The logs were important because they were relatively clear. As the worm had procreated during that day, it had forced computers all over the network to attack each other in ever greater numbers. By 11 a.m. it was almost impossible to tell where any one attack began and the other ended.

Some time after the first attack, DST sent word that certain agents were going to be in Washington DC regarding other matters. They wanted a meeting with the FBI. A representative from the NASA Inspector General's Office would attend the meeting, as would someone from NASA SPAN security.

Tencati was sure he could show the WANK worm attack on NASA originated in France. But he also knew he had to document everything, to have exact answers to every question and counter-argument put forward by the French secret service agents at the FBI meeting. When he developed a timeline of attacks, he found that the GEMPAK machine showed X.25 network connection, via another system, from a French computer around the same time as the WANK worm attack. He followed the scent and contacted the manager of that system. Would he help Tencati? Mais oui. The machine is at your disposal, Monsieur Tencati.

Tencati had never used an X.25 network before; it had a unique set of commands unlike any other type of computer communications network. He wanted to retrace the steps of the worm, but he needed help. So he called his friend Bob Lyons at DEC to walk him through the process.

What Tencati found startled him. There were traces of the worm on the machine all right, the familiar pattern of login failures as the worm attempted to break into different accounts. But these remnants of the WANK worm were not dated 16 October or any time immediately around then. The logs showed worm-related activity up to two weeks before the attack on NASA. This computer was not just a pass-through machine the worm had used to launch its first attack on NASA. This was the development machine.

Ground zero.

Tencati went into the meeting with DST at the FBI offices prepared. He knew the accusations the French were going to put forward. When he presented the results of his sleuthwork, the French secret service couldn't refute it, but they dropped their own bombshell. Yes they told him, you might be able to point to a French system as ground zero for the attack, but our investigations reveal incoming X.25 connections from elsewhere which coincided with the timing of the development of the WANK worm.

The connections came from Australia.

The French had satisfied themselves that it wasn't a French hacker who had created the WANK worm. Ce n'est pas notre problem. At least, it's not our problem any more.

It is here that the trail begins to go cold. Law enforcement and computer security people in the US and Australia had ideas about just who had created the WANK worm. Fingers were pointed, accusations were made, but none stuck. At the end of the day, there was coincidence and innuendo, but not enough evidence to launch a case. Like many Australian hackers, the creator of the WANK worm had emerged from the shadows of the computer underground, stood momentarily in hazy silhouette, and then disappeared again.

The Australian computer underground in the late 1980s was an environment which spawned and shaped the author of the WANK worm. Affordable home computers, such as the Apple IIe and the Commodore 64, made their way into ordinary suburban families. While these computers were not widespread, they were at least in a price range which made them attainable by dedicated computer enthusiasts.

In 1988, the year before the WANK worm attack on NASA, Australia was on an upswing. The country was celebrating its bicentennial. The economy was booming. Trade barriers and old regulatory structures were coming down. Crocodile Dundee had already burst on the world movie scene and was making Australians the flavour of the month in cities like LA and New York. The mood was optimistic. People had a sense they were going places. Australia, a peaceful country of seventeen or so million people, poised on the edge of Asia but with the order of a Western European democracy, was on its way up. Perhaps for the first time, Australians had lost their cultural cringe, a unique type of insecurity alien to can-do cultures such as that found in the US. Exploration and experimentation require confidence and, in 1988, confidence was something Australia had finally attained.

Yet this new-found confidence and optimism did not subdue Australia's tradition of cynicism toward large institutions. The two coexisted, suspended in a strange paradox. Australian humour, deeply rooted in a scepticism of all things serious and sacred, continued to poke fun at upright institutions with a depth of irreverence surprising to many foreigners. This cynicism of large, respected institutions coursed through the newly formed Australian computer underground without dampening its excitement or optimism for the brave new world of computers in the least.

In 1988, the Australian computer underground thrived like a vibrant Asian street bazaar. In that year it was still a realm of place not space. Customers visited their regular stalls, haggled over goods with vendors, bumped into friends and waved across crowded paths to acquaintances. The market was as much a place to socialise as it was to shop. People ducked into tiny coffee houses or corner bars for intimate chats. The latest imported goods, laid out on tables like reams of bright Chinese silks, served as conversation starters. And, like every street market, many of the best items were tucked away, hidden in anticipation of the appearance of that one customer or friend most favoured by the trader. The currency of the underground was not money; it was information. People didn't share and exchange information to accumulate monetary wealth; they did it to win respect—and to buy a thrill.

The members of the Australian computer underground met on bulletin board systems, known as BBSes. Simple things by today's standards, BBSes were often composed of a souped-up Apple II computer, a single modem and a lone telephone line. But they drew people from all walks of life. Teenagers from working-class neighbourhoods and those from the exclusive private schools. University students. People in their twenties groping their way through first jobs. Even some professional people in their thirties and forties who spent weekends poring over computer manuals and building primitive computers in spare rooms. Most regular BBS users were male. Sometimes a user's sister would find her way into the BBS world, often in search of a boyfriend. Mission accomplished, she might disappear from the scene for weeks, perhaps months, presumably until she required another visit.

The BBS users had a few things in common. They were generally of above average intelligence—usually with a strong technical slant—and they were obsessed with their chosen hobby. They had to be. It often took 45 minutes of attack dialling a busy BBS's lone phone line just to visit the computer system for perhaps half an hour. Most serious BBS hobbyists went through this routine several times each day.

As the name suggests, a BBS had what amounted to an electronic version of a normal bulletin board. The owner of the BBS would have divided the board into different areas, as a school teacher crisscrosses coloured ribbon across the surface of a corkboard to divide it into sections. A single BBS might have 30 or more electronic discussion groups.

As a user to the board, you might visit the politics section, tacking up a `note' on your views of ALP or Liberal policies for anyone passing by to read. Alternatively, you might fancy yourself a bit of a poet and work up the courage to post an original piece of work in the Poet's Corner. The corner was often filled with dark, misanthropic works inspired by the miseries of adolescence. Perhaps you preferred to discuss music. On many BBSes you could find postings on virtually any type of music. The most popular groups included bands like Pink Floyd, Tangerine Dream and Midnight Oil. Midnight Oil's anti-establishment message struck a particular chord within the new BBS community.

Nineteen eighty-eight was the golden age of the BBS culture across Australia. It was an age of innocence and community, an open-air bazaar full of vitality and the sharing of ideas. For the most part, people trusted their peers within the community and the BBS operators, who were often revered as demigods. It was a happy place. And, in general, it was a safe place, which is perhaps one reason why its visitors felt secure in their explorations of new ideas. It was a place in which the creator of the WANK worm could sculpt and hone his creative computer skills.

The capital of this spirited new Australian electronic civilisation was Melbourne. It is difficult to say why this southern city became the cultural centre of the BBS world, and its darker side, the Australian computer underground. Maybe the city's history as Australia's intellectual centre created a breeding ground for the many young people who built their systems with little more than curiosity and salvaged computer bits discarded by others. Maybe Melbourne's personality as a city of suburban homebodies and backyard tinkerers produced a culture conducive to BBSes. Or maybe it was just Melbourne's dreary beaches and often miserable weather. As one Melbourne hacker explained it, `What else is there to do here all winter but hibernate inside with your computer and modem?'

In 1988, Melbourne had some 60 to 100 operating BBSes. The numbers are vague because it is difficult to count a collection of moving objects. The amateur nature of the systems, often a jumbled tangle of wires and second-hand electronics parts soldered together in someone's garage, meant that the life of any one system was frequently as short as a teenager's attention span. BBSes popped up, ran for two weeks, and then vanished again.

Some of them operated only during certain hours, say between 10 p.m. and 8 a.m. When the owner went to bed, he or she would plug the home phone line into the BBS and leave it there until morning. Others ran 24 hours a day, but the busiest times were always at night.

Of course it wasn't just intellectual stimulation some users were after. Visitors often sought identity as much as ideas. On an electronic bulletin board, you could create a personality, mould it into shape and make it your own. Age and appearance did not matter. Technical aptitude did. Any spotty, gawky teenage boy could instantly transform himself into a suave, graceful BBS character. The transformation began with the choice of name. In real life, you might be stuck with the name Elliot Dingle—an appellation chosen by your mother to honour a long-dead great uncle. But on a BBS, well, you could be Blade Runner, Ned Kelly or Mad Max. Small wonder that, given the choice, many teenage boys chose to spend their time in the world of the BBS.

Generally, once a user chose a handle, as the on-line names are known, he stuck with it. All his electronic mail came to an account with that name on it. Postings to bulletin boards were signed with it. Others dwelling in the system world knew him by that name and no other. A handle evolved into a name laden with innate meaning, though the personality reflected in it might well have been an alter ego. And so it was that characters like The Wizard, Conan and Iceman came to pass their time on BBSes like the Crystal Palace, Megaworks, The Real Connection and Electric Dreams.

What such visitors valued about the BBS varied greatly. Some wanted to participate in its social life. They wanted to meet people like themselves—bright but geeky or misanthropic people who shared an interest in the finer technical points of computers. Many lived as outcasts in real life, never quite making it into the `normal' groups of friends at school or uni. Though some had started their first jobs, they hadn't managed to shake the daggy awkwardness which pursued them throughout their teen years. On the surface, they were just not the sort of people one asked out to the pub for a cold one after the footy.

But that was all right. In general, they weren't much interested in footy anyway.