Underground by Suelette Dreyfus (top rated books of all time txt) 📕
The critics have been good to `Underground', for which I am verygrateful. But the best praise came from two of the hackers detailed inthe book. Surprising praise, because while the text is free of thenarrative moralising that plague other works, the selection of materialis often very personal and evokes mixed sympathies. One of the hackers,Anthrax dropped by my office to say `Hi'. Out of the blue, he said witha note of amazement, `When I read those chapters, it was so real, as ifyou had been right there inside my head'. Not long after Par, half aworld away, and with a real tone of bewildered incredulity in his voicemade exactly the same observation. For a writer, it just doesn't get anybetter than that.
By releasing this book for free on the Net, I'm hoping more peoplewill not only enjoy the story of how the international computerunderground rose to power, but also make
Read free book «Underground by Suelette Dreyfus (top rated books of all time txt) 📕» - read online or download for free at americanlibrarybooks.com
- Author: Suelette Dreyfus
- Performer: 1863305955
Read book online «Underground by Suelette Dreyfus (top rated books of all time txt) 📕». Author - Suelette Dreyfus
`There’s been some damage, but we don’t know how much. The sense I get is it’s fairly positive,’ a NASA spokesman told UPI. `But there are some problems.‘16 In Washington, Pentagon spokesman Rick Oborn reassured the public again, `They are going to be able to handle shuttle tracking and support for the mission … They will be able to do their job’.17
Atlantis waited, ready to go, at launchpad 39B. The technicians had filled the shuttle up with rocket fuel and it looked as if the weather might hold. It was partly cloudy, but conditions at Kennedy passed muster.
The astronauts boarded the shuttle. Everything was in place.
But while the weather was acceptable in Florida, it was causing some problems in Africa, the site of an emergency landing location. If it wasn’t one thing, it was another. NASA ordered a four-minute delay.
Finally at 12.54 p.m., Atlantis boomed from its launchpad. Rising up from the Kennedy Center, streaking a trail of twin flames from its huge solid-fuel boosters, the shuttle reached above the atmosphere and into space.
At 7.15 p.m., exactly 6 hours and 21 minutes after lift-off, Galileo began its solo journey into space. And at 8.15 p.m., Galileo’s booster ignited.
Inside shuttle mission control, NASA spokesman Brian Welch announced, `The spacecraft Galileo … has achieved Earth escape velocity’.18
Monday, 30 October 1989 NASA’s Goddard Space Flight Center, Greenbelt, Maryland
The week starting 16 October had been a long one for the SPAN team. They were keeping twelve-hour days and dealing with hysterical people all day long. Still, they managed to get copies of anti-WANK out, despite the limitations of the dated SPAN records and the paucity of good logs allowing them to retrace the worm’s path. `What we learned that week was just how much data is not collected,’ McMahon observed.
By Friday, 20 October, there were no new reports of worm attacks. It looked as though the crisis had passed. Things could be tidied up by the rest of the SPAN team and McMahon returned to his own work.
A week passed. All the while, though, McMahon was on edge. He doubted that someone who had gone to all that trouble of creating the WANK worm would let his baby be exterminated so quickly. The decoy-duck strategy only worked as long as the worm kept the same process name, and as long as it was programmed not to activate itself on systems which were already infected. Change the process name, or teach the worm to not to suicide, and the SPAN team would face another, larger problem. John McMahon had an instinct about the worm; it might just be back.
His instinct was right.
The following Monday, McMahon received another phone call from the SPAN project office. When he poked his head in his boss’s office, Jerome Bennett looked up from his desk.
`The thing is back,’ McMahon told him. There was no need to explain what `the thing’ was. `I’m going over to the SPAN office.’
Ron Tencati and Todd Butler had a copy of the new WANK worm ready for McMahon. This version of the worm was far more virulent. It copied itself more effectively and therefore moved through the network much faster. The revised worm’s penetration rate was much higher—more than four times greater than the version of WANK released in the first attack. The phone was ringing off the hook again. John took a call from one irate manager who launched into a tirade. `I ran your anti-WANK program, followed your instructions to the letter, and look what happened!’
The worm had changed its process name. It was also designed to hunt down and kill the decoy-duck program. In fact, the SPAN network was going to turn into a rather bloody battlefield. This worm didn’t just kill the decoy, it also killed any other copy of the WANK worm. Even if McMahon changed the process name used by his program, the decoy-duck strategy was not going to work any longer.
There were other disturbing improvements to the new version of the WANK worm. Preliminary information suggested it changed the password on any account it got into. This was a problem. But not nearly as big a problem as if the passwords it changed were for the only privileged accounts on the system. The new worm was capable of locking a system manager out of his or her own system.
Prevented from getting into his own account, the computer manager might try borrowing the account of an average user, call him Edwin. Unfortunately, Edwin’s account probably only had low-level privileges. Even in the hands of a skilful computer manager, the powers granted to Edwin’s account were likely too limited to eradicate the worm from its newly elevated status as computer manager. The manager might spend his whole morning matching wits with the worm from the disadvantaged position of a normal user’s account. At some point he would have to make the tough decision of last resort: turn the entire computer system off.
The manager would have to conduct a forced reboot of the machine. Take it down, then bring it back up on minimum configuration. Break back into it. Fix the password which the worm had changed. Logout. Reset some variables. Reboot the machine again. Close up any underlying security holes left behind by the worm. Change any passwords which matched users’ names. A cold start of a large VMS machine took time. All the while, the astronomers, physicists and engineers who worked in this NASA office wouldn’t be able to work on their computers.
At least the SPAN team was better prepared for the worm this time. They had braced themselves psychologically for a possible return attack. Contact information for the network had been updated. And the general DECNET internet community was aware of the worm and was lending a hand wherever possible.
Help came from a system manager in France, a country which seemed to be of special interest to the worm’s author. The manager, Bernard Perrot of Institut de Physique Nucleaire in Orsay, had obtained a copy of the worm, inspected it and took special notice of the creature’s poor error checking ability. This was the worm’s true Achilles’ heel.
The worm was trained to go after the RIGHTSLIST database, the list of all the people who have accounts on the computer. What if someone moved the database by renaming it and put a dummy database in its place? The worm would, in theory, go after the dummy, which could be designed with a hidden bomb. When the worm sniffed out the dummy, and latched onto it, the creature would explode and die. If it worked, the SPAN team would not have to depend on the worm killing itself, as they had during the first invasion. They would have the satisfaction of destroying the thing themselves.
Ron Tencati procured a copy of the French manager’s worm-killing program and gave it to McMahon, who set up a sort of mini-laboratory experiment. He cut the worm into pieces and extracted the relevant bits. This allowed him to test the French worm-killing program with little risk of the worm escaping and doing damage. The French program worked wonderfully. Out it went. The second version of the worm was so much more virulent, getting it out of SPAN was going to take considerably longer than the first time around. Finally, almost two weeks after the second onslaught, the WANK worm had been eradicated from SPAN.
By McMahon’s estimate, the WANK worm had incurred up to half a million dollars in costs. Most of these were through people wasting time and resources chasing the worm instead of doing their normal jobs. The worm was, in his view, a crime of theft. `People’s time and resources had been wasted,’ he said. `The theft was not the result of the accident. This was someone who deliberately went out to make a mess.
`In general, I support prosecuting people who think breaking into machines is fun. People like that don’t seem to understand what kind of side effects that kind of fooling around has. They think that breaking into a machine and not touching anything doesn’t do anything. That is not true. You end up wasting people’s time. People are dragged into the office at strange hours. Reports have to be written. A lot of yelling and screaming occurs. You have to deal with law enforcement. These are all side effects of someone going for a joy ride in someone else’s system, even if they don’t do any damage. Someone has to pay the price.’
McMahon never found out who created the WANK worm. Nor did he ever discover what he intended to prove by releasing it. The creator’s motives were never clear and, if it had been politically inspired, no-one took credit.
The WANK worm left a number of unanswered questions in its wake, a number of loose ends which still puzzle John McMahon. Was the hacker behind the worm really protesting against NASA’s launch of the plutonium-powered Galileo space probe? Did the use of the word `WANK’—a most un-American word—mean the hacker wasn’t American? Why had the creator recreated the worm and released it a second time? Why had no-one, no political or other group, claimed responsibility for the WANK worm?
One of the many details which remained an enigma was contained in the version of the worm used in the second attack. The worm’s creator had replaced the original process name, NETW_, with a new one, presumably to thwart the anti-WANK program. McMahon figured the original process name stood for `netwank’—a reasonable guess at the hacker’s intended meaning. The new process name, however, left everyone on the SPAN team scratching their heads: it didn’t seem to stand for anything. The letters formed an unlikely set of initials for someone’s name. No-one recognised it as an acronym for a saying or an organisation. And it certainly wasn’t a proper word in the English language. It was a complete mystery why the creator of the WANK worm, the hacker who launched an invasion into hundreds of NASA and DOE computers, should choose this weird word.
The word was `OILZ’.
Chapter 2 — The Corner Pub.You talk of times of peace for all; and then prepare for war.
— from `Blossom of Blood’, Species Deceases.
It is not surprising the SPAN security team would miss the mark. It is not surprising, for example, that these officials should to this day be pronouncing the `Oilz’ version of the WANK worm as `oil zee’. It is also not surprising that they hypothesised the worm’s creator chose the word `Oilz’ because the modifications made to the last version made it slippery, perhaps even oily.
Likely as not, only an Australian would see the worm’s link to the lyrics of Midnight Oil.
This was the world’s first worm with a political message, and the second major worm in the history of the worldwide computer networks. It was also the trigger for the creation of FIRST, the Forum of Incident Response and Security Teams.2 FIRST was an international security alliance allowing governments, universities and commercial organisations to share information about computer
Comments (0)