Getting an invite to the private area required hacking skill or information, and usually a recommendation to Bowen from someone who was already inside. Within the Inner Sanctum, as the private hacking area was called, people could comfortably share information such as opinions of new computer products, techniques for hacking, details of companies which had set up new sites to hack and the latest rumours on what the law enforcement agencies were up to.
The Inner Sanctum was not, however, the only private room. Two hacking groups, Elite and H.A.C.K., guarded entry to their yet more exclusive back rooms. Even if you managed to get entry to the Inner Sanctum, you might not even know that H.A.C.K. or Elite existed. You might know there was a place even more selective than your area, but exactly how many layers of the onion stood between you and the most exclusive section was anyone's guess. Almost every hacker interviewed for this book described a vague sense of being somehow outside the innermost circle. They knew it was there, but wasn't sure just what it was.
Bowen fielded occasional phone calls on his voice line from wanna-be hackers trying to pry open the door to the Inner Sanctum. `I want access to your pirate system,' the voice would whine.
`What pirate system? Who told you my system was a pirate system?'
Bowen sussed out how much the caller knew, and who had told him. Then he denied everything.
To avoid these requests, Bowen had tried to hide his address, real name and phone number from most of the people who used his BBSes. But he wasn't completely successful. He had been surprised by the sudden appearance one day of Masked Avenger on his doorstep. How Masked Avenger actually found his address was a mystery. The two had chatted in a friendly fashion on-line, but Bowen didn't give out his details. Nothing could have prepared him for the little kid in the big crash helmet standing by his bike in front of Bowen's house. `Hi!' he squeaked. `I'm the Masked Avenger!'
Masked Avenger—a boy perhaps fifteen years old—was quite resourceful to have found out Bowen's details. Bowen invited him in and showed him the system. They became friends. But after that incident, Bowen decided to tighten security around his personal details even more. He began, in his own words, `moving toward full anonymity'. He invented the name Craig Bowen, and everyone in the underground came to know him by that name or his handle, Thunderbird1. He even opened a false bank account in the name of Bowen for the periodic voluntary donations users sent into PI. It was never a lot of money, mostly $5 or $10, because students don't tend to have much money. He ploughed it all back into PI.
People had lots of reasons for wanting to get into the Inner Sanctum. Some wanted free copies of the latest software, usually pirated games from the US. Others wanted to share information and ideas about ways to break into computers, often those owned by local universities. Still others wanted to learn about how to manipulate the telephone system.
The private areas functioned like a royal court, populated by aristocrats and courtiers with varying seniority, loyalties and rivalries. The areas involved an intricate social order and respect was the name of the game. If you wanted admission, you had to walk a delicate line between showing your superiors that you possessed enough valuable hacking information to be elite and not showing them so much they would brand you a blabbermouth. A perfect bargaining chip was an old password for Melbourne University's dial-out.
The university's dial-out was a valuable thing. A hacker could ring up the university's computer, login as `modem' and the machine would drop him into a modem which let him dial out again. He could then dial anywhere in the world, and the university would foot the phone bill. In the late 1980s, before the days of cheap, accessible Internet connections, the university dial-out meant a hacker could access anything from an underground BBS in Germany to a US military system in Panama. The password put the world at his fingertips.
A hacker aspiring to move into PI's Inner Sanctum wouldn't give out the current dial-out password in the public discussion areas. Most likely, if he was low in the pecking order, he wouldn't have such precious information. Even if he had managed to stumble across the current password somehow, it was risky giving it out publicly. Every wanna-be and his dog would start messing around with the university's modem account. The system administrator would wise up and change the password and the hacker would quickly lose his own access to the university account. Worse, he would lose access for other hackers—the kind of hackers who ran H.A.C.K., Elite and the Inner Sanctum. They would be really cross. Hackers hate it when passwords on accounts they consider their own are changed without warning. Even if the password wasn't changed, the aspiring hacker would look like a guy who couldn't keep a good secret.
Posting an old password, however, was quite a different matter. The information was next to useless, so the hacker wouldn't be giving much away. But just showing he had access to that sort of information suggested he was somehow in the know. Other hackers might think he had had the password when it was still valid. More importantly, by showing off a known, expired password, the hacker hinted that he might just have the current password. Voila! Instant respect.
Positioning oneself to win an invite into the Inner Sanctum was a game of strategy; titillate but never go all the way. After a while, someone on the inside would probably notice you and put in a word with Bowen. Then you would get an invitation.
If you were seriously ambitious and wanted to get past the first inner layer, you then had to start performing for real. You couldn't hide behind the excuse that the public area might be monitored by the authorities or was full of idiots who might abuse valuable hacking information.
The hackers in the most elite area would judge you on how much information you provided about breaking into computer or phone systems. They also looked at the accuracy of the information. It was easy getting out-of-date login names and passwords for a student account on Monash University's computer system. Posting a valid account for the New Zealand forestry department's VMS system intrigued the people who counted considerably more.
The Great Rite of Passage from boy to man in the computer underground was Minerva. OTC, Australia's then government-owned Overseas Telecommunications Commission,3 ran Minerva, a system of three Prime mainframes in Sydney. For hackers such as Mendax, breaking into Minerva was the test.
Back in early 1988, Mendax was just beginning to explore the world of hacking. He had managed to break through the barrier from public to private section of PI, but it wasn't enough. To be recognised as up-and-coming talent by the aristocracy of hackers such as The Force and The Wizard, a hacker had to spend time inside the Minerva system. Mendax set to work on breaking into it.
Minerva was special for a number of reasons. Although it was in Sydney, the phone number to its entry computer, called an X.25 pad, was a free call. At the time Mendax lived in Emerald, a country town on the outskirts of Melbourne. A call to most Melbourne numbers incurred a long-distance charge, thus ruling out options such as the Melbourne University dial-out for breaking into international computer systems.
Emerald was hardly Emerald City. For a clever sixteen-year-old boy, the place was dead boring. Mendax lived there with his mother; Emerald was merely a stopping point, one of dozens, as his mother shuttled her child around the continent trying to escape from a psychopathic former de facto. The house was an emergency refuge for families on the run. It was safe and so, for a time, Mendax and his exhausted family stopped to rest before tearing off again in search of a new place to hide.
Sometimes Mendax went to school. Often he didn't. The school system didn't hold much interest for him. It didn't feed his mind the way Minerva would. They Sydney computer system was a far more interesting place to muck around in than the rural high school.
Minerva was a Prime computer, and Primes were in. Force, one of the more respected hackers in 1987-88 in the Australian computer underground, specialised in Primos, the special operating system used on Prime computers. He wrote his own programs—potent hacking tools which provided current usernames and passwords—and made the systems fashionable in the computer underground.
Prime computers were big and expensive and no hacker could afford one, so being able to access the speed and computational grunt of a system like Minerva was valuable for running a hacker's own programs. For example, a network scanner, a program which gathered the addresses of computers on the X.25 network which would be targets for future hacking adventures, ate up computing resources. But a huge machine like Minerva could handle that sort of program with ease. Minerva also allowed users to connect to other computer systems on the X.25 network around the world. Better still, Minerva had a BASIC interpreter on it. This allowed people to write programs in the BASIC programming language—by far the most popular language at the time—and make them run on Minerva. You didn't have to be a Primos fanatic, like Force, to write and execute a program on the OTC computer. Minerva suited Mendax very well.
The OTC system had other benefits. Most major Australian corporations had accounts on the system. Breaking into an account requires a username and password; find the username and you have solved half the equation. Minerva account names were easy picking. Each one was composed of three letters followed by three numbers, a system which could have been difficult to crack except for the choice of those letters and numbers. The first three letters were almost always obvious acronyms for the company. For example, the ANZ Bank had accounts named ANZ001, ANZ002 and ANZ002. The numbers followed the same pattern for most companies. BHP001. CRA001. NAB001. Even OTC007. Anyone with the IQ of a desk lamp could guess at least a few account names on Minerva. Passwords were a bit tougher to come by, but Mendax had some ideas for that. He was going to have a crack at social engineering. Social engineering means smooth-talking someone in a position of power into doing something for you. It always involved a ruse of some sort.
Mendax decided he would social engineer a password out of one of Minerva's users. He had downloaded a partial list of Minerva users another PI hacker had generously posted for those talented enough to make use of it. This list was maybe two years old, and incomplete, but it contained 30-odd pages of Minerva account usernames, company names, addresses, contact names and telephone and fax numbers. Some of them would probably still be valid.
Mendax had a deep voice for his age; it would have been impossible to even contemplate social engineering without it. Cracking adolescent male voices were the kiss of death for would-be social engineers. But even though he had the voice, he didn't have the office or the Sydney phone number if the intended victim wanted a number to call back on. He found a way to solve the Sydney phone number by poking around until he dug up a number with Sydney's 02 area code which was permanently engaged. One down, one to go.
Next problem: generate some realistic office background noise. He could hardly call a company posing as an OTC official to cajole a password when the only background noise was birds tweeting in the fresh country air.
No, he needed the same background buzz as a crowded office in downtown Sydney. Mendex had a tape recorder, so he could pre-record the sound of an office and play it as background when he called companies on the Minerva list. The only hurdle was finding the appropriate office noise. Not even the local post office would offer a believable noise level. With none easily accessible, he decided to make his own audible office clutter. It wouldn't be easy. With a single track on his recording device, he couldn't dub in sounds on top of each other: he had to make all the noises simultaneously.
First, he turned on the TV news, down very low, so it just hummed in the background. Then he set up a long document to print on his Commodore MPS 801 printer. He removed the cover from the noisy dot matrix machine, to create just the right volume of clackity-clack in the background. Still, he needed something more. Operators' voices mumbling across a crowded floor. He could mumble quietly to himself, but he soon discovered his verbal skills had not developed to the point of being able to stand in the middle of the room talking about nothing to himself for a quarter of an hour. So he fished out his volume of Shakespeare and started reading aloud. Loud enough to hear voices, but not so loud that the intended victim would be able to pick Macbeth. OTC operators had keyboards, so he began tapping randomly on his. Occasionally, for a little variation, he walked up to the tape recorder and asked a question—and then promptly answered it in another voice. He stomped noisily away from the recorder again, across the room, and then silently dove back to the keyboard for more keyboard typing and mumblings of Macbeth.
It was exhausting. He figured the tape had to run for at least fifteen minutes uninterrupted. It wouldn't look very realistic if the office buzz suddenly went dead for three seconds at a time in the places where he paused the tape to rest.
The tapes took a number of attempts. He would be halfway through, racing through line after line of Shakespeare, rap-tap-tapping on his keyboard and asking himself questions in authoritative voices when the paper jammed in his printer. Damn. He had to start all over again. Finally, after a tiring hour of auditory schizophrenia, he had the perfect tape of office hubbub.
Mendax pulled out his partial list of Minerva users and began working through the 30-odd pages. It was discouraging.
`The number you have dialled is not connected. Please check the number before dialling again.'
Next number.
`Sorry, he is in a meeting at the moment. Can I have him return your call?' Ah, no thanks.
Another try.
`That person is no longer working with our company. Can I refer you to someone else?' Uhm, not really.
And another try.
Finally, success.
Mendax reached one of the contact names for a company in Perth. Valid number, valid company, valid contact name. He cleared his throat to deepen his voice even further and began.
`This is John Keller, an operator from OTC Minerva in Sydney. One of our D090 hard drives has crashed. We've pulled across the data on the back-up tape and we believe we have all your correct information. But some of it might have been corrupted in the accident and we would just like to confirm your details. Also the back-up tape is two days old, so we want to check your information is up to date so your service is not interrupted. Let me just dig out your details …' Mendax shuffled some papers around on the table top.