Finally, the admin woke up. He began checking the modem lines, one by one. If he knew which line the hacker was using, he could simply turn off the modem. Or request a trace on the line.
Mendax sent another anonymous message to the admin's computer screen:
It's been nice playing with your system.
We didn't do any damage and we even improved a few things. Please don't call the Australian Federal Police.
The admin ignored the message and continued his search for the hacker. He ran a program to check which telephone lines were active on the system's serial ports, to reveal which dial-up lines were in use. When the admin saw the carrier detect sign on the line being used by the hacker, Mendax decided it was time to bail out. However, he wanted to make sure that his call had not been traced, so he lifted the receiver of his telephone, disconnected his modem and waited for the NorTel modem to hang up first.
If the NorTel admin had set up a last party recall trace to determine what phone number the hacker was calling from, Mendax would know. If an LPR trace had been installed, the NorTel end of the telephone connection would not disconnect but would wait for the hacker's telephone to hang up first. After 90 seconds, the exchange would log the phone number where the call had originated.
If, however, the line did not have a trace on it, the company's modem would search for its lost connection to the hacker's modem. Without the continuous flow of electronic signals, the NorTel modem would hang up after a few seconds. If no-one reactivated the line at the NorTel end, the connection would time-out 90 seconds later and the telephone exchange would disconnect the call completely.
Mendax listened anxiously as the NorTel modem searched for his modem by squealing high-pitched noises into the telephone line. No modem here. Go on, hang up.
Suddenly, silence.
OK, thought Mendax. Just 90 seconds to go. Just wait here for a minute and a half. Just hope the exchange times out. Just pray there's no trace.
Then someone picked up the telephone at the NorTel end. Mendax started. He heard several voices, male and female, in the background. Jesus. What were these NorTel people on about? Mendax was so quiet he almost stopped breathing. There was silence at the receivers on both ends of that telephone line. It was a tense waiting game. Mendax heard his heart racing.
A good hacker has nerves of steel. He could stare down the toughest, stony-faced poker player. Most importantly, he never panics. He never just hangs up in a flurry of fear.
Then someone in the NorTel office—a woman—said out loud in a confused voice, `There's nothing there. There's nothing there at all.'
She hung up.
Mendax waited. He still would not hang up until he was sure there was no trace. Ninety seconds passed before the phone timed out. The fast beeping of a timed-out telephone connection never sounded so good.
Mendax sat frozen at his desk as his mind replayed the events of the past half hour again and again. No more NorTel. Way too dangerous. He was lucky he had escaped unidentified. NorTel had discovered him before they could put a trace on the line, but the company would almost certainly put a trace on the dial-up lines now. NorTel was very tight with Telecom. If anyone could get a trace up quickly, NorTel could. Mendax had to warn Prime Suspect and Trax.
First thing in the morning, Mendax rang Trax and told him to stay away from NorTel. Then he tried Prime Suspect.
The telephone was engaged.
Perhaps Prime Suspect's mother was on the line, chatting. Maybe Prime
Suspect was talking to a friend.
Mendax tried again. And again. And again. He began to get worried. What if Prime Suspect was on NorTel at that moment? What if a trace had been installed? What if they had called in the Feds?
Mendax phoned Trax and asked if there was any way they could manipulate the exchange in order to interrupt the call. There wasn't.
`Trax, you're the master phreaker,' Mendax pleaded. `Do something.
Interrupt the connection. Disconnect him.'
`Can't be done. He's on a step-by-step telephone exchange. There's nothing we can do.'
Nothing? One of Australia's best hacker-phreaker teams couldn't break one telephone call. They could take control of whole telephone exchanges but they couldn't interrupt one lousy phone call. Jesus.
Several hours later, Mendax was able to get through to his fellow IS hacker. It was an abrupt greeting.
`Just tell me one thing. Tell me you haven't been in NorTel today?'
There was a long pause before Prime Suspect answered.
`I have been in NorTel today.'
Chapter 9 — Operation Weather.
The world is crashing down on me tonight; The walls are closing in on me tonight.
— from `Outbreak of Love', Earth and Sun and Moon.
The AFP was frustrated. A group of hackers were using the Royal Melbourne Institute of Technology (RMIT) as a launchpad for hacking attacks on Australian companies, research institutes and a series of overseas sites.
Despite their best efforts, the detectives in the AFP's Southern Region Computer Crimes Unit hadn't been able to determine who was behind the attacks. They suspected it was a small group of Melbourne-based hackers who worked together. However, there were so much hacker activity at RMIT it was difficult to know for sure. There could have been one organised group, or several. Or perhaps there was one small group along with a collection of loners who were making enough noise to distort the picture.
Still, it should have been a straightforward operation. The AFP could trace hackers in this sort of situation with their hands tied behind their backs. Arrange for Telecom to whack a last party recall trace on all incoming lines to the RMIT modems. Wait for a hacker to logon, then isolate which modem he was using. Clip that modem line and wait for Telecom to trace that line back to its point of origin.
However, things at RMIT were not working that way. The line traces began failing, and not just occasionally. All the time.
Whenever RMIT staff found the hackers on-line, they clipped the lines and Telecom began tracking the winding path back to the originating phone number. En route, the trail went dead. It was as if the hackers knew they were being traced … almost as if they were manipulating the telephone system to defeat the AFP investigation.
The next generation of hackers seemed to have a new-found sophistication which frustrated AFP detectives at every turn. Then, on 13 October 1990, the AFP got lucky. Perhaps the hackers had been lazy that day, or maybe they just had technical problems using their traceless phreaking techniques. Prime Suspect couldn't use Trax's traceless phreaking method from his home because he was on a step-by-step exchange, and sometimes Trax didn't use the technique. Whatever the reason, Telecom managed to successfully complete two line traces from RMIT and the AFP now had two addresses and two names. Prime Suspect and Trax.
`Hello, Prime Suspect.'