"Unleash your creativity and unlock your potential with MsgBrains.Com - the innovative platform for nurturing your intellect." » English Books » ,,Underground: Hacking, Madness, and Obsession on the Electronic Frontier'' by Suelette Dreyfus🌏🗺️

Add to favorite ,,Underground: Hacking, Madness, and Obsession on the Electronic Frontier'' by Suelette Dreyfus🌏🗺️

Select the language in which you want the text you are reading to be translated, then select the words you don't know with the cursor to get the translation above the selected word!




Go to page:
Text Size:

. . . . . . .

RUNG

The system had just rung all 1000 numbers at the same time. One thousand phones ringing all at once.

What if some buttoned-down Telecom engineer had driven to work early that morning to get some work done? What if he had just settled down at his standard-issue metal Telecom desk with a cup of bad instant coffee in a styrofoam cup when suddenly … every telephone in the skyscraper had rung out simultaneously? How suspicious would that look? Mendax thought it was time to high-tail it out of there.

On his way out, he disabled the logs for the modem line he came in on. That way, no-one would be able to see what he had been up to. In fact, he hoped no-one would know that anyone had even used the dial-up line at all.

Prime Suspect didn't think there was anything wrong with exploring the NorTel computer system. Many computer sites posted warnings in the login screen about it being illegal to break into the system, but the eighteen-year-old didn't consider himself an intruder. In Prime Suspect's eyes, `intruder' suggested someone with ill intent—perhaps someone planning to do damage to the system—and he certainly had no ill intent. He was just a visitor.

Mendax logged into the NMELH1 system by using the account Prime Suspect had given him, and immediately looked around to see who else was on-line. Prime Suspect and about nine other people, only three of whom were actually doing something at their terminal.

Prime Suspect and Mendax raced to get root on the system. The IS hackers may not have been the type to brag about their conquests in the underground, but each still had a competitive streak when it came to see who could get control over the system first. There was no ill will, just a little friendly competition between mates.

Mendax poked around and realised the root directory, which contained the password file, was effectively world writable. This was good news, and with some quick manipulation he would be able to insert something into the root directory. On a more secure system, unprivileged users would not be able to do that. Mendax could also copy things from the directory on this site, and change the names of subdirectories within the main root directory. All these permissions were important, for they would enable him to create a Trojan.

Named for the Trojan horse which precipitated the fall of Troy, the Trojan is a favoured approach with most computer hackers. The hacker simply tricks a computer system or a user into thinking that a slightly altered file or directory—the Trojan—is the legitimate one. The Trojan directory, however, contains false information to fool the computer into doing something the hacker wants. Alternatively, the Trojan might simply trick a legitimate user into giving away valuable information, such as his user name and password.

Mendax made a new directory and copied the contents of the legitimate ETC directory—where the password files were stored—into it. The passwords were encrypted, so there wasn't much sense trying to look at one since the hacker wouldn't be able to read it. Instead, he selected a random legitimate user—call him Joe—and deleted his password. With no password, Mendax would be able to login as Joe without any problems.

However, Joe was just an average user. He didn't have root, which is what Mendax wanted. But like every other user on the system, Joe had a user identity number. Mendax changed Joe's user id to `0'—the magic number. A user with `0' as his id had root. Joe had just acquired power usually only given to system administrators. Of course, Mendax could have searched out a user on the list who already had root, but there were system operators logged onto the system and it might have raised suspicions if another operator with root access had logged in over the dial-up lines. The best line of defence was to avoid making anyone on the system suspicious in the first place.

The problem now was to replace the original ETC directory with the Trojan one. Mendax did not have the privileges to delete the legitimate ETC directory, but he could change the name of a directory. So he changed the name of the ETC directory to something the computer system would not recognise. Without access to its list of users, the computer could not perform most of its functions. People would not be able to log in, see who else was on the system or send electronic mail. Mendax had to work very quickly. Within a matter of minutes, someone would notice the system had serious problems.

Mendax renamed his Trojan directory ETC. The system instantly read the fake directory, including Joe's now non-existent password, and elevated status as a super-user. Mendax logged in again, this time as Joe.

In less than five minutes, a twenty-year-old boy with little formal education, a pokey $700 computer and painfully slow modem had conquered the Melbourne computer system of one of the world's largest telecommunications companies.

There were still a few footprints to be cleaned up. The next time Joe logged in, he would wonder why the computer didn't ask for his password. And he might be surprised to discover he had been transformed into a super-user. So Mendax used his super-user status to delete the Trojan ETC file and return the original one to its proper place. He also erased records showing he had ever logged in as Joe.

To make sure he could login with super-user privileges in future, Mendax installed a special program which would automatically grant him root access. He hid the program in the bowels of the system and, just to be safe, created a special feature so that it could only be activated with a secret keystroke.

Mendax wrestled a root account from NMELH1 first, but Prime Suspect wasn't far behind. Trax joined them a little later. When they began looking around, they could not believe what they had found. The system had one of the weirdest structures they had ever come across.

Most large networks have a hierarchical structure. Further, most hold the addresses of a handful of other systems in the network, usually the systems which are closest in the flow of the external network.

But the NorTel network was not structured that way. What the IS hackers found was a network with no hierarchy. It was a totally flat name space. And the network was weird in other ways too. Every computer system on it contained the address of every other computer, and there were more than 11000 computers in NorTel's worldwide network. What the hackers were staring at was like a giant internal corporate Internet which had been squashed flat as a pancake.

Mendax had seen many flat structures before, but never on this scale. It was bizarre. In hierarchical structures, it is easier to tell where the most important computer systems—and information—are kept. But this structure, where every system was virtually equal, was going to make it considerably more difficult for the hackers to navigate their way through the network. Who could tell whether a system housed the Christmas party invite list or the secret designs for a new NorTel product?

The NorTel network was firewalled, which meant that there was virtually no access from the outside world. Mendax reckoned that this made it more vulnerable to hackers who managed to get in through dial-ups. It appeared that security on the NorTel network was relatively relaxed since it was virtually impossible to break in through the Internet. By sneaking in the backdoor, the hackers found themselves able to raid all sorts of NorTel sites, from St Kilda Road in Melbourne to the corporation's headquarters in Toronto.

It was fantastic, this huge, trusting network of computer sites at their fingertips, and the young hackers were elated with the anticipation of exploration. One of them described it as being `like a shipwrecked man washed ashore on a Tahitian island populated by 11000 virgins, just ripe for the picking'.

They found a YP, or yellow pages, database linked to 400 of the computer sites. These 400 sites were dependent on this YP database for their password files. Mendax managed to get root on the YP database, which gave him instant control over 400 computer systems. Groovy.

One system was home to a senior NorTel computer security administrator and Mendax promptly headed off to check out his mailbox. The contents made him laugh.

A letter from the Australian office said that Australia's Telecom wanted access to CORWAN, NorTel's corporate wide area network. Access would involve linking CORWAN and a small Telecom network. This seemed reasonable enough since Telecom did business with NorTel and staff were communicating all the time.

The Canadian security admin had written back turning down the request because there were too many hackers in the Telecom network.

Too many hackers in Telecom? Now that was funny. Here was a hacker reading the sensitive mail of NorTel's computer security expert who reckoned Telecom's network was too exposed. In fact, Mendax had penetrated Telecom's systems from NorTel's CORWAN, not the other way round.

Perhaps to prove the point, Mendax decided to crack passwords to the NorTel system. He collected 1003 password files from the NorTel sites, pulled up his password cracking program, THC, and started hunting around the network for some spare computers to do the job for him. He located a collection of 40 Sun computers, probably housed in Canada, and set up his program on them.

THC ran very fast on those Sun4s. The program used a 60000 word dictionary borrowed from someone in the US army who had done a thesis on cryptography and password cracking. It also relied on `a particularly nice fast-crypt algorithm' being developed by a Queensland academic, Eric Young. The THC program worked about 30 times faster than it would have done using the standard algorithm.

Using all 40 computers, Mendax was throwing as many as 40000 guesses per second against the password lists. A couple of the Suns went down under the strain, but most held their place in the onslaught. The secret passwords began dropping like flies. In just a few hours, Mendax had cracked 5000 passwords, some 100 of which were to root accounts. He now had access to thousands of NorTel computers across the globe.

There were some very nice prizes to be had from these systems. Gain control over a large company's computer systems and you virtually controlled the company itself. It was as though you could walk through every security barrier unchecked, beginning with the front door. Want each employee's security codes for the office's front door? There it was—on-line.

How about access to the company's payroll records? You could see how much money each person earns. Better still, you might like to make yourself an employee and pay yourself a tidy once-off bonus through electronic funds transfer. Of course there were other, less obvious, ways of making money, such as espionage.

Mendax could have easily found highly sensitive information about planned NorTel products and sold them. For a company like NorTel, which spent more than $1 billion each year on research and development, information leaks about its new technologies could be devastating. The espionage wouldn't even have to be about new products; it could simply be about the company's business strategies. With access to all sorts of internal memos between senior executives, a hacker could procure precious inside information on markets and prices. A competitor might pay handsomely for this sort of information.

And this was just the start of what a malicious or profit-motivated hacker could do. In many companies, the automated aspects of manufacturing plants are controlled by computers. The smallest changes to the programs controlling the machine tools could destroy an entire batch of widgets—and the multi-million dollar robotics machinery which manufactures them.

But the IS hackers had no intention of committing information espionage. In fact, despite their poor financial status as students or, in the case of Trax, as a young man starting his career at the bottom of the totem pole, none of them would have sold information they gained from hacking. In their view, such behaviour was dirty and deserving of contempt—it soiled the adventure and was against their ethics. They considered themselves explorers, not paid corporate spies.

Although the NorTel network was firewalled, there was one link to the Internet. The link was through a system called BNRGATE, Bell-Northern Research's gateway to the Internet. Bell-Northern is NorTel's R&D subsidiary. The connection to the outside electronic world was very restricted, but it looked interesting. The only problem was how to get there.

Mendax began hunting around for a doorway. His password cracking program had not turned up anything for this system, but there were other, more subtle ways of getting a password than the brute force of a cracking program.

System administrators sometimes sent passwords through email. Normally this would be a major security risk, but the NorTel system was firewalled from the Internet, so the admins thought they had no real reason to be concerned about hackers. Besides, in such a large corporation spanning several continents, an admin couldn't always just pop downstairs to give a new company manager his password in person. And an impatient manager was unlikely to be willing to wait a week for the new password to arrive courtesy of snail mail.

In the NorTel network, a mail spool, where email was stored, was often shared between as many as twenty computer systems. This structure offered considerable advantages for Mendax. All he needed to do was break into the mail spool and run a keyword search through its contents. Tell the computer to search for word combinations such as `BNRGATE' and `password', or to look for the name of the system admin for BNRGATE, and likely as not it would deliver tender morsels of information such as new passwords.

Are sens

Copyright 2023-2059 MsgBrains.Com