Each BBS had its own style. Some were completely legitimate, with their wares—all legal goods—laid out in the open. Others, like The Real Connection, had once housed Australia's earliest hackers but had gone straight. They closed up the hacking parts of the board before the first Commonwealth government hacking laws were enacted in June 1989. Perhaps ten or twelve of Melbourne's BBSes at the time had the secret, smoky flavour of the computer underground. A handful of these were invitation-only boards, places like Greyhawk and The Realm. You couldn't simply ring up the board, create a new account and login. You had to be invited by the board's owner. Members of the general modeming public need not apply.

The two most important hubs in the Australian underground between 1987 and 1989 were named Pacific Island and Zen. A 23-year-old who called himself Craig Bowen ran both systems from his bedroom.

Also known as Thunderbird1, Bowen started up Pacific Island in 1987 because he wanted a hub for hackers. The fledgling hacking community was dispersed after AHUBBS, possibly Melbourne's earliest hacking board, faded away. Bowen decided to create a home for it, a sort of dark, womb-like cafe bar amid the bustle of the BBS bazaar where Melbourne's hackers could gather and share information.

His bedroom was a simple, boyish place. Built-in cupboards, a bed, a wallpaper design of vintage cars running across one side of the room. A window overlooking the neighbours' leafy suburban yard. A collection of PC magazines with titles like Nibble and Byte. A few volumes on computer programming. VAX/VMS manuals. Not many books, but a handful of science fiction works by Arthur C. Clarke. The Hitchhiker's Guide to the Galaxy. A Chinese-language dictionary used during his high school Mandarin classes, and after, as he continued to study the language on his own while he held down his first job.

The Apple IIe, modem and telephone line rested on the drop-down drawing table and fold-up card table at the foot of his bed. Bowen put his TV next to the computer so he could sit in bed, watch TV and use Pacific Island all at the same time. Later, when he started Zen, it sat next to Pacific Island. It was the perfect set-up.

Pacific Island was hardly fancy by today's standards of Unix Internet machines, but in 1987 it was an impressive computer. PI, pronounced `pie' by the local users, had a 20 megabyte hard drive—gargantuan for a personal computer at the time. Bowen spent about $5000 setting up PI alone. He loved both systems and spent many hours each week nurturing them.

There was no charge for computer accounts on PI or ZEN, like most BBSes. This gentle-faced youth, a half-boy, half-man who would eventually play host on his humble BBS to many of Australia's cleverest computer and telephone hackers, could afford to pay for his computers for two reasons: he lived at home with his mum and dad, and he had a full-time job at Telecom—then the only domestic telephone carrier in Australia.

PI had about 800 computer users, up to 200 of whom were `core' users accessing the system regularly. PI had its own dedicated phone line, separate from the house phone so Bowen's parents wouldn't get upset the line was always tied up. Later, he put in four additional phone lines for Zen, which had about 2000 users. Using his Telecom training, he installed a number of non-standard, but legal, features to his house. Junction boxes, master switches. Bowen's house was a telecommunications hot-rod.

Bowen had decided early on that if he wanted to keep his job, he had better not do anything illegal when it came to Telecom. However, the Australian national telecommunications carrier was a handy source of technical information. For example, he had an account on a Telecom computer system—for work—from which he could learn about Telecom's exchanges. But he never used that account for hacking. Most respectable hackers followed a similar philosophy. Some had legitimate university computer accounts for their courses, but they kept those accounts clean. A basic rule of the underground, in the words of one hacker, was `Don't foul your own nest'.

PI contained a public section and a private one. The public area was like an old-time pub. Anyone could wander in, plop down at the bar and start up a conversation with a group of locals. Just ring up the system with your modem and type in your details—real name, your chosen handle, phone number and other basic information.

Many BBS users gave false information in order to hide their true identities, and many operators didn't really care. Bowen, however, did. Running a hacker's board carried some risk, even before the federal computer crime laws came into force. Pirated software was illegal. Storing data copied from hacking adventures in foreign computers might also be considered illegal. In an effort to exclude police and media spies, Bowen tried to verify the personal details of every user on PI by ringing them at home or work. Often he was successful. Sometimes he wasn't.

The public section of PI housed discussion groups on the major PC brands—IBM, Commodore, Amiga, Apple and Atari—next to the popular Lonely Hearts group. Lonely Hearts had about twenty regulars, most of whom agonised under the weight of pubescent hormonal changes. A boy pining for the affections of the girl who dumped him or, worse, didn't even know he existed. Teenagers who contemplated suicide. The messages were completely anonymous, readers didn't even know the authors' handles, and that anonymous setting allowed heart-felt messages and genuine responses.

Zen was PI's sophisticated younger sister. Within two years of PI making its debut, Bowen opened up Zen, one of the first Australian BBSes with more than one telephone line. The main reason he set up Zen was to stop his computer users from bothering him all the time. When someone logged into PI, one of the first things he or she did was request an on-line chat with the system operator. PI's Apple IIe was such a basic machine by today's standards, Bowen couldn't multi-task on it. He could not do anything with the machine, such as check his own mail, while a visitor was logged into PI.

Zen was a watershed in the Australian BBS community. Zen multi-tasked. Up to four people could ring up and login to the machine at any one time, and Bowen could do his own thing while his users were on-line. Better still, his users could talk request each other instead of hassling him all the time. Having users on a multi-tasking machine with multiple phone lines was like having a gaggle of children. For the most part, they amused each other.

Mainstream and respectful of authority on the surface, Bowen possessed the same streak of anti-establishment views harboured by many in the underground. His choice of name for Zen underlined this. Zen came from the futuristic British TV science fiction series `Blake 7', in which a bunch of underfunded rebels attempted to overthrow an evil totalitarian government. Zen was the computer on the rebels' ship. The rebels banded together after meeting on a prison ship; they were all being transported to a penal settlement on another planet. It was a story people in the Australian underground could relate to. One of the lead characters, a sort of heroic anti-hero, had been sentenced to prison for computer hacking. His big mistake, he told fellow rebels, was that he had relied on other people. He trusted them. He should have worked alone.

Craig Bowen had no idea of how true that sentiment would ring in a matter of months.

Bowen's place was a hub of current and future lights in the computer underground. The Wizard. The Force. Powerspike. Phoenix. Electron. Nom. Prime Suspect. Mendax. Train Trax. Some, such as Prime Suspect, merely passed through, occasionally stopping in to check out the action and greet friends. Others, such as Nom, were part of the close-knit PI family. Nom helped Bowen set up PI. Like many early members of the underground, they met through AUSOM, an Apple users' society in Melbourne. Bowen wanted to run ASCII Express, a program which allowed people to transfer files between their own computers and PI. But, as usual, he and everyone he knew only had a pirated copy of the program. No manuals. So Nom and Bowen spent one weekend picking apart the program by themselves. They were each at home, on their own machines, with copies. They sat on the phone for hours working through how the program worked. They wrote their own manual for other people in the underground suffering under the same lack of documentation. Then they got it up and running on PI.

Making your way into the various groups in a BBS such as PI or Zen had benefits besides hacking information. If you wanted to drop your mantle of anonymity, you could join a pre-packaged, close-knit circle of friends. For example, one clique of PI people were fanatical followers of the film The Blues Brothers. Every Friday night, this group dressed up in Blues Brothers costumes of a dark suit, white shirt, narrow tie, Rayban sunglasses and, of course, the snap-brimmed hat. One couple brought their child, dressed as a mini-Blues Brother. The group of Friday night regulars made their way at 11.30 to Northcote's Valhalla Theatre (now the Westgarth). Its grand but slightly tatty vintage atmosphere lent itself to this alternative culture flourishing in late-night revelries. Leaping up on stage mid-film, the PI groupies sent up the actors in key scenes. It was a fun and, as importantly, a cheap evening. The Valhalla staff admitted regulars who were dressed in appropriate costume for free. The only thing the groupies had to pay for was drinks at the intermission.

Occasionally, Bowen arranged gatherings of other young PI and Zen users. Usually, the group met in downtown Melbourne, sometimes at the City Square. The group was mostly boys, but sometimes a few girls would show up. Bowen's sister, who used the handle Syn, hung around a bit. She went out with a few hackers from the BBS scene. And she wasn't the only one. It was a tight group which interchanged boyfriends and girlfriends with considerable regularity. The group hung out in the City Square after watching a movie, usually a horror film. Nightmare 2. House 3. Titles tended to be a noun followed by a numeral. Once, for a bit of lively variation, they went bowling and drove the other people at the alley nuts. After the early entertainment, it was down to McDonald's for a cheap burger. They joked and laughed and threw gherkins against the restaurant's wall. This was followed by more hanging around on the stone steps of the City Square before catching the last bus or train home.

The social sections of PI and Zen were more successful than the technical ones, but the private hacking section was even more successful than the others. The hacking section was hidden; would-be members of the Melbourne underground knew there was something going on, but they couldn't find out what is was.

Getting an invite to the private area required hacking skill or information, and usually a recommendation to Bowen from someone who was already inside. Within the Inner Sanctum, as the private hacking area was called, people could comfortably share information such as opinions of new computer products, techniques for hacking, details of companies which had set up new sites to hack and the latest rumours on what the law enforcement agencies were up to.

The Inner Sanctum was not, however, the only private room. Two hacking groups, Elite and H.A.C.K., guarded entry to their yet more exclusive back rooms. Even if you managed to get entry to the Inner Sanctum, you might not even know that H.A.C.K. or Elite existed. You might know there was a place even more selective than your area, but exactly how many layers of the onion stood between you and the most exclusive section was anyone's guess. Almost every hacker interviewed for this book described a vague sense of being somehow outside the innermost circle. They knew it was there, but wasn't sure just what it was.

Bowen fielded occasional phone calls on his voice line from wanna-be hackers trying to pry open the door to the Inner Sanctum. `I want access to your pirate system,' the voice would whine.

`What pirate system? Who told you my system was a pirate system?'

Bowen sussed out how much the caller knew, and who had told him. Then he denied everything.

To avoid these requests, Bowen had tried to hide his address, real name and phone number from most of the people who used his BBSes. But he wasn't completely successful. He had been surprised by the sudden appearance one day of Masked Avenger on his doorstep. How Masked Avenger actually found his address was a mystery. The two had chatted in a friendly fashion on-line, but Bowen didn't give out his details. Nothing could have prepared him for the little kid in the big crash helmet standing by his bike in front of Bowen's house. `Hi!' he squeaked. `I'm the Masked Avenger!'

Masked Avenger—a boy perhaps fifteen years old—was quite resourceful to have found out Bowen's details. Bowen invited him in and showed him the system. They became friends. But after that incident, Bowen decided to tighten security around his personal details even more. He began, in his own words, `moving toward full anonymity'. He invented the name Craig Bowen, and everyone in the underground came to know him by that name or his handle, Thunderbird1. He even opened a false bank account in the name of Bowen for the periodic voluntary donations users sent into PI. It was never a lot of money, mostly $5 or $10, because students don't tend to have much money. He ploughed it all back into PI.

People had lots of reasons for wanting to get into the Inner Sanctum. Some wanted free copies of the latest software, usually pirated games from the US. Others wanted to share information and ideas about ways to break into computers, often those owned by local universities. Still others wanted to learn about how to manipulate the telephone system.

The private areas functioned like a royal court, populated by aristocrats and courtiers with varying seniority, loyalties and rivalries. The areas involved an intricate social order and respect was the name of the game. If you wanted admission, you had to walk a delicate line between showing your superiors that you possessed enough valuable hacking information to be elite and not showing them so much they would brand you a blabbermouth. A perfect bargaining chip was an old password for Melbourne University's dial-out.

The university's dial-out was a valuable thing. A hacker could ring up the university's computer, login as `modem' and the machine would drop him into a modem which let him dial out again. He could then dial anywhere in the world, and the university would foot the phone bill. In the late 1980s, before the days of cheap, accessible Internet connections, the university dial-out meant a hacker could access anything from an underground BBS in Germany to a US military system in Panama. The password put the world at his fingertips.

A hacker aspiring to move into PI's Inner Sanctum wouldn't give out the current dial-out password in the public discussion areas. Most likely, if he was low in the pecking order, he wouldn't have such precious information. Even if he had managed to stumble across the current password somehow, it was risky giving it out publicly. Every wanna-be and his dog would start messing around with the university's modem account. The system administrator would wise up and change the password and the hacker would quickly lose his own access to the university account. Worse, he would lose access for other hackers—the kind of hackers who ran H.A.C.K., Elite and the Inner Sanctum. They would be really cross. Hackers hate it when passwords on accounts they consider their own are changed without warning. Even if the password wasn't changed, the aspiring hacker would look like a guy who couldn't keep a good secret.

Posting an old password, however, was quite a different matter. The information was next to useless, so the hacker wouldn't be giving much away. But just showing he had access to that sort of information suggested he was somehow in the know. Other hackers might think he had had the password when it was still valid. More importantly, by showing off a known, expired password, the hacker hinted that he might just have the current password. Voila! Instant respect.

Positioning oneself to win an invite into the Inner Sanctum was a game of strategy; titillate but never go all the way. After a while, someone on the inside would probably notice you and put in a word with Bowen. Then you would get an invitation.

If you were seriously ambitious and wanted to get past the first inner layer, you then had to start performing for real. You couldn't hide behind the excuse that the public area might be monitored by the authorities or was full of idiots who might abuse valuable hacking information.

The hackers in the most elite area would judge you on how much information you provided about breaking into computer or phone systems. They also looked at the accuracy of the information. It was easy getting out-of-date login names and passwords for a student account on Monash University's computer system. Posting a valid account for the New Zealand forestry department's VMS system intrigued the people who counted considerably more.

The Great Rite of Passage from boy to man in the computer underground was Minerva. OTC, Australia's then government-owned Overseas Telecommunications Commission,3 ran Minerva, a system of three Prime mainframes in Sydney. For hackers such as Mendax, breaking into Minerva was the test.

Back in early 1988, Mendax was just beginning to explore the world of hacking. He had managed to break through the barrier from public to private section of PI, but it wasn't enough. To be recognised as up-and-coming talent by the aristocracy of hackers such as The Force and The Wizard, a hacker had to spend time inside the Minerva system. Mendax set to work on breaking into it.

Minerva was special for a number of reasons. Although it was in Sydney, the phone number to its entry computer, called an X.25 pad, was a free call. At the time Mendax lived in Emerald, a country town on the outskirts of Melbourne. A call to most Melbourne numbers incurred a long-distance charge, thus ruling out options such as the Melbourne University dial-out for breaking into international computer systems.

Emerald was hardly Emerald City. For a clever sixteen-year-old boy, the place was dead boring. Mendax lived there with his mother; Emerald was merely a stopping point, one of dozens, as his mother shuttled her child around the continent trying to escape from a psychopathic former de facto. The house was an emergency refuge for families on the run. It was safe and so, for a time, Mendax and his exhausted family stopped to rest before tearing off again in search of a new place to hide.

Sometimes Mendax went to school. Often he didn't. The school system didn't hold much interest for him. It didn't feed his mind the way Minerva would. They Sydney computer system was a far more interesting place to muck around in than the rural high school.

Minerva was a Prime computer, and Primes were in. Force, one of the more respected hackers in 1987-88 in the Australian computer underground, specialised in Primos, the special operating system used on Prime computers. He wrote his own programs—potent hacking tools which provided current usernames and passwords—and made the systems fashionable in the computer underground.

Prime computers were big and expensive and no hacker could afford one, so being able to access the speed and computational grunt of a system like Minerva was valuable for running a hacker's own programs. For example, a network scanner, a program which gathered the addresses of computers on the X.25 network which would be targets for future hacking adventures, ate up computing resources. But a huge machine like Minerva could handle that sort of program with ease. Minerva also allowed users to connect to other computer systems on the X.25 network around the world. Better still, Minerva had a BASIC interpreter on it. This allowed people to write programs in the BASIC programming language—by far the most popular language at the time—and make them run on Minerva. You didn't have to be a Primos fanatic, like Force, to write and execute a program on the OTC computer. Minerva suited Mendax very well.

The OTC system had other benefits. Most major Australian corporations had accounts on the system. Breaking into an account requires a username and password; find the username and you have solved half the equation. Minerva account names were easy picking. Each one was composed of three letters followed by three numbers, a system which could have been difficult to crack except for the choice of those letters and numbers. The first three letters were almost always obvious acronyms for the company. For example, the ANZ Bank had accounts named ANZ001, ANZ002 and ANZ002. The numbers followed the same pattern for most companies. BHP001. CRA001. NAB001. Even OTC007. Anyone with the IQ of a desk lamp could guess at least a few account names on Minerva. Passwords were a bit tougher to come by, but Mendax had some ideas for that. He was going to have a crack at social engineering. Social engineering means smooth-talking someone in a position of power into doing something for you. It always involved a ruse of some sort.

Mendax decided he would social engineer a password out of one of Minerva's users. He had downloaded a partial list of Minerva users another PI hacker had generously posted for those talented enough to make use of it. This list was maybe two years old, and incomplete, but it contained 30-odd pages of Minerva account usernames, company names, addresses, contact names and telephone and fax numbers. Some of them would probably still be valid.

Mendax had a deep voice for his age; it would have been impossible to even contemplate social engineering without it. Cracking adolescent male voices were the kiss of death for would-be social engineers. But even though he had the voice, he didn't have the office or the Sydney phone number if the intended victim wanted a number to call back on. He found a way to solve the Sydney phone number by poking around until he dug up a number with Sydney's 02 area code which was permanently engaged. One down, one to go.

Next problem: generate some realistic office background noise. He could hardly call a company posing as an OTC official to cajole a password when the only background noise was birds tweeting in the fresh country air.

No, he needed the same background buzz as a crowded office in downtown Sydney. Mendex had a tape recorder, so he could pre-record the sound of an office and play it as background when he called companies on the Minerva list. The only hurdle was finding the appropriate office noise. Not even the local post office would offer a believable noise level. With none easily accessible, he decided to make his own audible office clutter. It wouldn't be easy. With a single track on his recording device, he couldn't dub in sounds on top of each other: he had to make all the noises simultaneously.

First, he turned on the TV news, down very low, so it just hummed in the background. Then he set up a long document to print on his Commodore MPS 801 printer. He removed the cover from the noisy dot matrix machine, to create just the right volume of clackity-clack in the background. Still, he needed something more. Operators' voices mumbling across a crowded floor. He could mumble quietly to himself, but he soon discovered his verbal skills had not developed to the point of being able to stand in the middle of the room talking about nothing to himself for a quarter of an hour. So he fished out his volume of Shakespeare and started reading aloud. Loud enough to hear voices, but not so loud that the intended victim would be able to pick Macbeth. OTC operators had keyboards, so he began tapping randomly on his. Occasionally, for a little variation, he walked up to the tape recorder and asked a question—and then promptly answered it in another voice. He stomped noisily away from the recorder again, across the room, and then silently dove back to the keyboard for more keyboard typing and mumblings of Macbeth.

It was exhausting. He figured the tape had to run for at least fifteen minutes uninterrupted. It wouldn't look very realistic if the office buzz suddenly went dead for three seconds at a time in the places where he paused the tape to rest.

The tapes took a number of attempts. He would be halfway through, racing through line after line of Shakespeare, rap-tap-tapping on his keyboard and asking himself questions in authoritative voices when the paper jammed in his printer. Damn. He had to start all over again. Finally, after a tiring hour of auditory schizophrenia, he had the perfect tape of office hubbub.