It was against this backdrop that Gavin came to Force with his urgent warning in late 1989. Gavin had learned that the Australian Federal Police were getting complaints about hackers operating out of Melbourne. The Melbourne hacking community had become very noisy and was leaving footprints all over the place as its members traversed the world's data networks.
There were other active hacking communities outside Australia—in the north of England, in Texas, in New York. But the Melbourne hackers weren't just noisy—they were noisy inside American computers. It wasn't just a case of American hackers breaking into American systems. This was about foreign nationals penetrating American computers. And there was something else which made the Australian hackers a target. The US Secret Service knew an Australian named Phoenix had been inside Citibank, one of the biggest financial institutions in the US.
Gavin didn't have many details to give Force. All he knew was that an American law enforcement agency—probably the Secret Service—had been putting enormous pressure on the Australian government to bust these people.
What Gavin didn't know was that the Secret Service wasn't the only source of pressure coming from the other side of the Pacific. The FBI had also approached the Australian Federal Police about the mysterious but noisy Australian hackers who kept breaking into American systems,5 and the AFP had acted on the information.
In late 1989, Detective Superintendent Ken Hunt of the AFP headed an investigation into the Melbourne hackers. It was believed to be the first major investigation of computer crime since the introduction of Australia's first federal anti-hacking laws. Like most law enforcement agencies around the world, the AFP were new players in the field of computer crime. Few officers had expertise in computers, let alone computer crime, so this case would prove to be an important proving ground.6
When Gavin broke the news, Force acted immediately. He called Phoenix on the phone, insisting on meeting him in person as soon as possible. As their friendship had progressed, they had moved from talking on-line to telephone conversations and finally to spending time together in person. Force sat Phoenix down alone and gave him a stern warning. He didn't tell him how he got his information, but he made it clear the source was reliable.
The word was that the police felt they had to bust someone. It had come to the point where an American law enforcement officer had reportedly told his Australian counterpart, `If you don't do something about it soon, we'll do something about it ourselves'. The American hadn't bothered to elaborate on just how they might do something about it, but it didn't matter.
Phoenix looked suddenly pale. He had certainly been very noisy, and was breaking into systems virtually all the time now. Many of those systems were in the US.
He certainly didn't want to end up like the West German hacker Hagbard, whose petrol-doused, charred remains had been discovered in a German forest in June 1989.
An associate of Pengo's, Hagbard had been involved in a ring of German hackers who sold the information they found in American computers to a KGB agent in East Germany from 1986 to 1988.
In March 1989, German police raided the homes and offices of the German hacking group and began arresting people. Like Pengo, Hagbard had secretly turned himself in to the German authorities months before and given full details of the hacking ring's activities in the hope of gaining immunity from prosecution.
American law enforcement agencies and prosecutors had not been enthusiastic about showing the hackers any leniency. Several US agencies, including the CIA and the FBI, had been chasing the German espionage ring and they wanted stiff sentences, preferably served in an American prison.
German court proceedings were under way when Hagbard's body was found. Did he commit suicide or was he murdered? No-one knew for sure, but the news shook the computer underground around the world. Hackers discussed the issue in considerable depth. On the one hand, Hagbard had a long history of mental instability and drug use, having spent time in psychiatric hospitals and detoxification centres off and on since the beginning of 1987. On the other hand, if you were going to kill yourself, would you really want to die in the agony of a petrol fire? Or would you just take a few too many pills or a quick bullet?
Whether it was murder or suicide, the death of Hagbard loomed large before Phoenix. Who were the American law enforcement agencies after in Australia? Did they want him?
No. Force reassured him, they were after Electron. The problem for Phoenix was that he kept talking to Electron on the phone—in voice conversations. If Phoenix continued associating with Electron, he too would be scooped up in the AFP's net.
The message to Phoenix was crystal clear.
Stay away from Electron.
`Listen, you miserable scum-sucking pig.'
`Huh?' Phoenix answered, only half paying attention.
`Piece of shit machine. I did all this editing and the damn thing didn't save the changes,' Electron growled at the Commodore Amiga, with its 512 k of memory, sitting on the desk in his bedroom.
It was January 1990 and both Phoenix and Electron were at home on holidays before the start of university.
`Yeah. Wish I could get this thing working. Fucking hell. Work you!' Phoenix yelled. Electron could hear him typing at the other end of the phone while he talked. He had been struggling to get A/UX, the Apple version of Unix, running on his Macintosh SE30 for days.
It was difficult to have an uninterrupted conversation with Phoenix. If it wasn't his machine crashing, it was his grandmother asking him questions from the doorway of his room.
`You wanna go through the list? How big is your file?' Phoenix asked, now more focused on the conversation.
`Huh? Which file?'
`The dictionary file. The words to feed into the password cracker,' Phoenix replied.
Electron pulled up his list of dictionary words and looked at it. I'm going to have to cut this list down a bit, he thought. The dictionary was part of the password cracking program. The larger the dictionary, the longer it took the computer to crack a list of passwords. If he could weed out obscure words—words that people were unlikely to pick as passwords—then he could make his cracker run faster.
An efficient password cracker was a valuable tool. Electron would feed his home computer a password file from a target computer, say from Melbourne University, then go to bed. About twelve hours later, he would check on his machine's progress.
If he was lucky, he would find six or more accounts—user names and their passwords—waiting for him in a file. The process was completely automated. Electron could then log into Melbourne University using the cracked accounts, all of which could be used as jumping-off points for hacking into other systems for the price of a local telephone call.
Cracking Unix passwords wasn't inordinately difficult, provided the different components of the program, such as the dictionary, had been set up properly. However, it was time-consuming. The principle was simple. Passwords, kept in password files with their corresponding user names, were encrypted. It was as impossible to reverse the encryption process as it was to unscramble an omelette. Instead, you needed to recreate the encryption process and compare the results.
There were three basic steps. First, target a computer and get a copy of its password file. Second, take a list of commonly used passwords, such as users' names from the password file or words from a dictionary, and encrypt those into a second list. Third, put the two lists side by side and compare them. When you have a match, you have found the password.
However, there was one important complication: salts. A salt changed the way a password was encrypted, subtly modifying the way the DES encryption algorithm worked. For example, the word `Underground' encrypts two different ways with two different salts: `kyvbExMcdAOVM' or `lhFaTmw4Ddrjw'. The first two characters represent the salt, the others represent the password. The computer chooses a salt randomly when it encrypts a user's password. Only one is used, and there are 4096 different salts. All Unix computers use salts in their password encryption process.
Salts were intended to make password cracking far more difficult, so a hacker couldn't just encrypt a dictionary once and then compare it to every list of encrypted passwords he came across in his hacking intrusions. The 4096 salts mean that a hacker would have to use 4096 different dictionaries—each encrypted with a different salt—to discover any dictionary word passwords.
On any one system penetrated by Electron, there might be only 25 users, and therefore only 25 passwords, most likely using 25 different salts. Since the salt characters were stored immediately before the encrypted password, he could easily see which salt was being used for a particular password. He would therefore only have to encrypt a dictionary 25 different times.
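The salted storage scheme described above, seen from the side of the system that stores and checks passwords. This is an added example, not part of the original text: SHA-256 stands in for the DES-based crypt routine, and the function names and sample accounts are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# 64-character alphabet used by traditional crypt(3); two characters give
# 64 * 64 = 4096 possible salts, the figure quoted in the text.
SALT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def new_salt():
    """Pick one of the 4096 two-character salts at random."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(2))


def hash_password(password, salt):
    """Return salt + digest. SHA-256 is a stand-in for DES crypt (assumption)."""
    digest = hashlib.sha256((salt + password).encode()).hexdigest()
    return salt + digest


def verify(password, stored):
    """Login check: read the salt off the stored entry, recompute, compare."""
    salt = stored[:2]
    return hmac.compare_digest(hash_password(password, salt), stored)


def distinct_salts(stored_entries):
    """How many separate salted computations a single guess costs on this file."""
    return len({entry[:2] for entry in stored_entries})


# Constructed sample: three accounts, two of which chose the same password.
SAMPLE = {
    "alice": hash_password("Underground", "ky"),
    "bob": hash_password("Underground", "lh"),
    "carol": hash_password("omelette", "ab"),
}

if __name__ == "__main__":
    for user, entry in SAMPLE.items():
        print(user, entry[:18] + "...")
    # Identical passwords no longer produce identical stored values.
    print("alice == bob:", SAMPLE["alice"] == SAMPLE["bob"])
    print("distinct salts:", distinct_salts(SAMPLE.values()))
```

A two-character salt is small by current standards; schemes such as bcrypt use a 128-bit salt together with a deliberately slow hash function.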
Still, even encrypting a large dictionary 25 times using different salts took up too much hard-drive space for a basic home computer. And that was just the dictionary. The most sophisticated cracking programs also produced `intelligent guesses' of passwords. For example, the program might take the user's name and try it in both upper- and lower-case letters. It might also add a `1' at the end. In short, the program would create new guesses by permutating, shuffling, reversing and recombining basic information such as a user's name into new `words'.
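The same `intelligent guesses' are what a system can refuse at the moment a user sets a password. The following check is an added example, not part of the original text; the function names, the account details and the short word list are hypothetical.

```python
import re


def normal_forms(password):
    """Reduce a candidate to the base words a simple transformation could hide."""
    base = password.lower()                    # undo upper/lower-case changes
    stripped = re.sub(r"\d+$", "", base)       # undo an appended `1' or other digits
    forms = {base, stripped}
    forms |= {form[::-1] for form in forms}    # undo reversal
    forms.discard("")
    return forms


def weak_password_reason(password, username, full_name="", dictionary=()):
    """Return why the password is guessable, or None if no rule matched."""
    account_words = {w.lower() for w in [username, *full_name.split()] if w}
    dictionary_words = {w.lower() for w in dictionary}
    forms = normal_forms(password)
    if forms & account_words:
        return "based on account name"
    if forms & dictionary_words:
        return "based on dictionary word"
    return None


# Constructed sample inputs.
WORDS = ["Underground", "omelette", "petrol"]

if __name__ == "__main__":
    for candidate in ["Smith1", "NHOJ", "lortep", "Omelette42", "t7#Vq-blue-Harbor"]:
        reason = weak_password_reason(candidate, "jsmith", "John Smith", WORDS)
        print(f"{candidate:20} {reason or 'accepted'}")
```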
`It's 24000 words. Too damn big,' Electron said. Paring down a dictionary was a game of trade-offs. The fewer words in a cracking dictionary, the less time it was likely to take a computer to break the encrypted passwords. A smaller dictionary, however, also meant fewer guesses and so a reduced chance of cracking the password of any given account.
`Hmm. Mine's 24328. We better pare it down together.'