Approaching Zero, Paul Mungo [good summer reads TXT] 📗

tried calling up Altos—the board in Munich that had become an

internationa hacker hangout—to find out what was going on, but the board was

down due to some sort of technical fault.

 

To the watching Secret Service agents, at least some of the messages suggested

that American hackers might well follow in the footsteps of the Soviet hacker

gang and go into business selling military or industrial secrets. It was

disquieting—even if the characteristic hacker bravado was taken into account.

 

But in reality, the Soviet hacker gang was only a momentary distraction for the

Legion of Doom. By the next day the flurry of interest had died out; the

bulletin board messages resumed the usual pattern—technical queries; reports

on hacking sites; postings about police surveillance, about Secret Service

monitoring, about the FBI and the CIA.

 

Black ICE was the LoD’s principal board, and was restricted to twenty users

(mostly LoD members). It was accessed by remote call forwarding, which kept it-

-or so it was believed—one step ahead of the law. The name Black ICE came

from a novel by the science-fiction writer William Gibson. ICE, for Intrusion

Countermeasures Electronics, was a program that kept watch for hackers; when it

detected them, it literally “fried their brains”—the deadly “black”

countermeasure.

 

The author William Gibson is an icon in the computer underworld, and his

imaginative sci-fi thrillers have acquired cult status. In his best-known book,

Neuromancer (1984), Gibson created a world he called Cyberspace, populated by

computer cowboys who roamed the space’s electronic systems. Neuromancer

forecast the world of hackers—the networks and communication links that they

inhabit—and gave them an alternate, more glamorous identity. The networks

became known as Cyberspace, and the hacker became a Cyberpunk.

 

The conceit became common in the late 1980S. The Cyberpunk image complemented

the secrecy and role-playing of handles, and it gave a whole new identity to

fifteen-year-old computer wizards sitting in front of their computer screens.

They weren’t just teenagers, or even hackers—they were Cyberpunks, the

meanest, toughest technology junkies in the world.

 

The Legion of Doom was the best-known Cyberpunk gang in America; certainly it

generated the most press. Like Chaos in Germany, the gang was conscious of the

publicity value of a sinister, slightly menacing name. One of its members was

once asked why they picked it: “What else could we have called our-selves?” he

answered. “The Legion of Flower Pickers?”

 

The LoD’s origins go back to the summer of 1984, when a hacker named Lex Luthor

set up one of the first specialist hacker bulletin boards, based in Florida. It

was an elite, invitation-only board, with detailed files on hacking and related

crafts, such as social engineering and dumpster diving.

 

The first Legion of Doom had nine members, with handles such as Karl Marx,

Agrajag the Prolonged, and King Blotto. The gang has been re-formed three times

since. It went into decline when five of the original Legionnaires were busted,

but bounced back in 1986 and again in 1988. The latest re-formation took place

in late 1990. It was never a large group, and although the original LoD board

had more than 150 users, admission to the bulletin board was not the same as

gang membership. The LoD was the elite of the elite, a sort of inner circle.

The real LoD generally hovered between nine and eleven members; it has never

had more than twelve at any one time. Between 1984 and January 1992 there were

only forty confirmed LoD members in total.

 

The LoD was eulogized by the hacker bulletin PHRACK after one of its periodic

demises:

 

LoD members may have entered into systems numbering in the tens of thousands,

they may have peeped into credit histories, they may have snooped into files

and buffered [stolen] interesting text, they may still have control over entire

computer networks, but what damage have they done?

 

The answer is none—well, almost none. There are the inevitable exceptions:

unpaid use of CPU [Central Processing Unit] time and network access charges.

 

What personal gains have any members gained? Again, the answer is none—apart

from three instances of credit fraud that were instigated by three separate

greedy individuals without group knowledge.

 

The bulletin concluded, “The Legion of Doom will long be remembered as an

innovative and pioneering force.”

 

But the LoD was not the only group on the electronic block: it had rivals,

other high-tech gangs that contested LoD’s reputation as the best hackers in

Cyberspace. One of these other gangs was MoD—which, depending on whom you ask

and what time of day it is, stands for either Masters of Destruction or Masters

of Deception or sometimes Mom’s on Drugs. The MoD membership was centered in

New York; the gang included hackers such as Corrupt, Julio, Renegade Hacker,

and, from Philadelphia, the Wing.

 

But LoD’s most serious rival was DPAC, a gang with members in both Maryland and

New Jersey. The group had taken its name from a Canadian data communications

system (a contraction of “Data Packet”) and was led, off and on, by a hacker

called Sharp. Membership in DPAC varied, but included Remob (after the device

that allows phones to be tapped remotely), Meat Puppet, the Executioner,

Supernigger, and GZ. Despite the handle, Supernigger wasn’t black; and GZ, very

unusually, was female.

 

The LoD disparaged the abilities of DPAC members. One of the Black ICE sysops,

the Mentor, messaged,

SUPERNIGGER AND

GZ ARE BOTH BLATANT IDIOTS WHO LIKE TO SHOOT THEIR MOUTHS

OFF. GZ DOES STUFF LIKE HACK MCI FOR DAYS FROM HER HOUSE.

 

The Urvile, though, was less sanguine. In a message to Black ICE, he reported

having received a phone call from someone named Mike Dawson, who claimed to be

a special agent with the Secret Service, telling him that “We’ll be visiting

you tomorrow.” The Urvile thought the voice sounded too young for a Secret

Service agent; he was also bothered that Mike didn’t know his address or last

name.

 

“Are your parents going to be home tomorrow between two and three?” Mike

persisted.

 

“Gee, I guess so.”

 

His parents probably would be home, he thought—but at their home, not his. The

Urvile, at the time, was a university student and lived in his own apartment.

When he asked if the agent knew how old he was, Mike answered, “All will be

made apparent tomorrow.

 

The next day the Urvile removed all his notes and files, just in case. But the

Secret Service never appeared. “I’m betting five to one odds that it’s DPAC,

and I don’t like it one bit,” he said.

 

Ordinarily the Urvile’s concerns could be dismissed as just another bout of

hacker paranoia. But by 1989 the LoD had become involved in a “hacker war” with

DPAC and MoD—a fight for control of Cyberspace, over phone lines and computer

tworks, with threatening messages left on bulletin boards or

swering machines. In one case, an LoD member who worked (somewhat

incongruously) for a telephone company’s security department found taunting

messages on his computer terminal at work. On a more serious level, there were

attempts to reprogram switches to land opponents with astronomical phone bills;

there was one instance of breaking into a credit bureau to destroy a gang

member’s credit rating. But while the three gangs were squabbling among

themselves, the biggest crackdown on hacking in the United States had just

begun.

 

The catalyst was an anonymous phone call to an unlisted residential number in

Indianapolis at eight P.M. on June 29, 1989.

 

As security manager for Indiana Bell, Robert S. was accustomed to anonymous

calls: he was a prime target for hackers attempting to impress him with their

ability to break into his system and find his home number. And the caller this

night didn’t seem much different from the others. He sounded like a young man

trying to seem older, his voice a mix of swagger and menace. The caller

presented his credentials by repeating Robert’s credit history to him—which

meant only that the anonymous hacker could also break into credit bureau

computers.

 

“Tell you something else, Bob—you don’t mind if I call you Bob, do you? I’ll

tell you, somebody like me who really knows the phone systems could really fuck

things up. I mean I could put your 5ESS’s into an endless loop. You know what I

mean? You know what that would do?”

 

The 5ESS’s were a type of electronic switching system. There were hundreds in

Indiana Bell, thousands around the country. An endless loop is caused by

changing the coding of the switch so that it no longer puts forward calls. The

calls instead just loop around the switch, like a record needle caught in the

same groove. The result would be paralysis: no calls from the switch could get

out.

 

“It could cause a lot of problems. Is that what you’re threatening?”

 

“Sort of. But I’ve made it better than that. I’ve planted computer bombs in

some of the 5ESS’s—time bombs—they’re going to fuck up your switches. The

game is to see if you can find them before they go off. And all I’m going to

tell you about them is that they’re programmed to blow on a national holiday.

They could be anywhere in the country—it’s sort of a competition, a security

test, it’ll give you something interesting to do for a change. You know what I

mean?”

 

The line went dead. Of all the hacker calls Robert had received—most a mix of

braggadocio and hubris—this was one of the few he would think of as

threatening.

 

The threat was the bomb—a piece of computer programming, probably only a short

program, that would be hidden among the thousands of instructions on any 5ESS

switch, anywhere in the country. A computer bomb is a one-shot explosion. It

could throw a switch into an endless loop, it could overload the system—or,

indeed, it could create havoc by releasing a selfreplicating program such as a

worm, which would move through the network, knocking out switch after switch.

 

In a nightmare scenario the country could effectively be closed down for days,

leaving its citizens with no means of communication and cut off from emergency

fire, police, and ambulance services. The cost in terms of lives would be

unthinkable and the revenue losses would be incalculable: crime would soar and

businesses could be forced to shut down.

 

Robert couldn’t know where the bombs had been hidden, nor did he know how many

there were or what they would do when they went off. All he knew was that they

had been set to explode on a national holiday—and five days later it would be

Independence Day, the Fourth of July.

 

He reported the call to his superiors at Indiana Bell and to Bellcore (Bell

Communication Research), which coordinates network security. Given the

imminence of the Fourth of July, Bellcore had little choice but to take the

threat seriously. The company organized an alert, assembling a security task

force consisting of forty-two full-time employees. They would work around the

clock in two twelve-hour shifts examining the 5ESS’s, checking through each and

every program for a few lines of code that could cause disruption.

 

The threat to the phone system was also reported to the United States Secret

Service. The agency, part of the Treasury Department, had been assigned

national responsibility for computer crime in 1984, after a long bureaucratic

battle with the FBI. The limits of its responsibilities and those of the FBI

have never been strictly defined; there have always been areas where the two

agencies overlapped. The Secret Service’s responsibility is to investigate access

device fraud that affects interstate and foreign commerce if there is a minimum

loss of $1000. Their mandate, though, is subject to agreement between the

secretary of the Treasury (their boss) and the Attorney General,