Mendax tried again. And again. And again. He began to get worried. What if Prime Suspect was on NorTel at that moment? What if a trace had been installed? What if they had called in the Feds?
Mendax phoned Trax and asked if there was any way they could manipulate the exchange in order to interrupt the call. There wasn't.
`Trax, you're the master phreaker,' Mendax pleaded. `Do something.
Interrupt the connection. Disconnect him.'
`Can't be done. He's on a step-by-step telephone exchange. There's nothing we can do.'
Nothing? One of Australia's best hacker-phreaker teams couldn't break one telephone call. They could take control of whole telephone exchanges but they couldn't interrupt one lousy phone call. Jesus.
Several hours later, Mendax was able to get through to his fellow IS hacker. It was an abrupt greeting.
`Just tell me one thing. Tell me you haven't been in NorTel today?'
There was a long pause before Prime Suspect answered.
`I have been in NorTel today.'
Chapter 9 — Operation Weather.
The world is crashing down on me tonight; The walls are closing in on me tonight.
— from `Outbreak of Love', Earth and Sun and Moon.
The AFP was frustrated. A group of hackers were using the Royal Melbourne Institute of Technology (RMIT) as a launchpad for hacking attacks on Australian companies, research institutes and a series of overseas sites.
Despite their best efforts, the detectives in the AFP's Southern Region Computer Crimes Unit hadn't been able to determine who was behind the attacks. They suspected it was a small group of Melbourne-based hackers who worked together. However, there were so much hacker activity at RMIT it was difficult to know for sure. There could have been one organised group, or several. Or perhaps there was one small group along with a collection of loners who were making enough noise to distort the picture.
Still, it should have been a straightforward operation. The AFP could trace hackers in this sort of situation with their hands tied behind their backs. Arrange for Telecom to whack a last party recall trace on all incoming lines to the RMIT modems. Wait for a hacker to logon, then isolate which modem he was using. Clip that modem line and wait for Telecom to trace that line back to its point of origin.
However, things at RMIT were not working that way. The line traces began failing, and not just occasionally. All the time.
Whenever RMIT staff found the hackers on-line, they clipped the lines and Telecom began tracking the winding path back to the originating phone number. En route, the trail went dead. It was as if the hackers knew they were being traced … almost as if they were manipulating the telephone system to defeat the AFP investigation.
The next generation of hackers seemed to have a new-found sophistication which frustrated AFP detectives at every turn. Then, on 13 October 1990, the AFP got lucky. Perhaps the hackers had been lazy that day, or maybe they just had technical problems using their traceless phreaking techniques. Prime Suspect couldn't use Trax's traceless phreaking method from his home because he was on a step-by-step exchange, and sometimes Trax didn't use the technique. Whatever the reason, Telecom managed to successfully complete two line traces from RMIT and the AFP now had two addresses and two names. Prime Suspect and Trax.
`Hello, Prime Suspect.'
`Hiya, Mendax. How's tricks?'
`Good. Did you see that RMIT email? The one in Geoff Huston's mailbox?' Mendax walked over to open a window as he spoke. It was spring, 1991, and the weather was unseasonably warm.
`I did. Pretty amazing. RMIT looks like it will finally be getting rid of those line traces.'
`RMIT definitely wants out,' Mendax said emphatically.
`Yep. Looks like the people at RMIT are sick of Mr Day crawling all over their computers with line traces.'
`Yeah. That admin at RMIT was pretty good, standing up to AARNET and the AFP. I figure Geoff Huston must be giving him a hard time.'
`I bet.' Prime Suspect paused. `You reckon the Feds have dropped the line traces for real?'
`Looks like it. I mean if RMIT kicks them out, there isn't much the Feds can do without the uni's cooperation. The letter sounded like they just wanted to get on with securing their systems. Hang on. I've got it here.'
Mendax pulled up a letter on his computer and scrolled through it.
From aarnet-contacts-request@jatz.aarnet.edu.au Tue May 28 09:32:31 1991
Received: by jatz.aarnet.edu.au id AA07461
(5.65+/IDA-1.3.5 for pte900); Tue, 28 May 91 09:31:59 +1000
Received: from possum.ecg.rmit.OZ.AU by jatz.aarnet.edu.au with SMTP id AA07457
(5.65+/IDA-1.3.5 for /usr/lib/sendmail -oi -faarnet-contacts-request aarnet-contacts-recipients); Tue, 28 May 91 09:31:57 +1000
Received: by possum.ecg.rmit.OZ.AU for aarnet-contacts@aarnet.edu.au)
Date: Tue, 28 May 91 09:32:08 +1000
From: rcoay@possum.ecg.rmit.OZ.AU (Alan Young)
Message-Id: <9105272332.29621@possum.ecg.rmit.OZ.AU>
To: aarnet-contacts@aarnet.edu.au
Subject: Re: Hackers
Status: RO
While no one would disagree that `Hacking' is bad and should be stopped, or at least minimised there are several observations which I have made over the last six or eight months relating to the persuit of these people:
1. The cost involved was significant, we had a CSO working in conjunction with the Commonwealth Police for almost three months full time.
2. While not a criticism of our staff, people lost sight of the ball, the chase became the most important aspect of the whole exercise.
3. Catching Hackers (and charging them) is almost impossible, you have to virtually break into their premises and catch them logged on to an unauthorised machine.
4. If you do happen to catch and charge them, the cost of prosecution is high, and a successful outcome is by no ways assured. There may be some deterrent value in at least catching and prosecuting?
5. Continued pursuit of people involved requires doors to be left open, this unfortunately exposes other sites and has subjected us to some criticism.
The whole issue is very complex, and in some respects it is a case of diminishing returns. A fine balance has to be maintained between freedom, and the prevention of abuse, this appears to be the challenge.
Allan Young
RMIT
