Approaching Zero, Paul Mungo [good summer reads TXT] 📗
- Author: Paul Mungo
- Performer: -
Book online «Approaching Zero, Paul Mungo [good summer reads TXT] 📗». Author Paul Mungo
now controlled by Fujitsu of Japan). Nick was passionate in his admiration for
ICL computers; he never hacked anything else, and both the MoD and MI5 use
them.
Whiteley’s ambition was to buy his own ICL: he especially coveted the 3980,
their top-of-the-line mainframe. In his daytime job, he worked on an ICL 2966,
a smaller model, but still a formidable mainframe. Whenever Nick felt his
fellow workers were making fun of him—which he believed they did because he
was only an operator, rather than a real programmer—he would fantasize about
the 3980. It was twenty times faster than the 2966 and could support far more
individual users. But he had to admit that on his salary it would take a long
time to earn the down payment on the almost $2 million purchase price.
Nick had originally wanted to be a computer programmer or to work in technical
support. But without a university degree his chances of becoming a programmer
were limited: he would need to go back to college to get the qualifications. So
instead he became an operator, or “tape monkey,” employed to ensure that there
was enough computer tape in the drive and enough paper in the printer to keep
the machinery running. Though he had been offered a promotion to senior
operator, he had turned it down against a vague promise of a job in technical
support sometime in the future.
Then nineteen years old, Nick lived with his parents in their home in Enfield
in north London. He was affable, intelligent, and articulate, was generally
casually dressed—sweatshirt, jeans, sneakers—and had nicotine-stained
fingers.
Nick’s life became consumed by his passion for the ICL. He was fascinated by
its operating system and by the language—called SCL (System Control Language
used to write its programs. Of course he had to admit that his ambition to buy
an ICL 3980 was pretty unrealistic. Even if he had enough money to buy one, he
would certainly have no use for a computer that was designed for large
businesses. But then he would begin to worry about what would happen if he lost
his job or had to leave the company. Where would he go to work on an ICL then?
In his bedroom in his parents’ house Nick had a personal computer, a Commodore
Amiga 1000, equipped with a modem. He had intended to use the modem to dial in
to electronic bulletin boards—specialist data and information services, like
Prestel but generally run by private individuals. It was never his intention to
start hacking, he says; he thought it would be boring. Nonetheless, he started
reading a guide called The Hacker’s Handbook. The Handbook had been written by
a British hacker known as “Hugo Cornwall” and achieved instant notoriety when
it was first published in March 1985. Guided by the Handbook, he began dialing
into more bulletin boards. (He found that about 20 percent of them had hacker
sections.) With the information he obtained from the Handbook and the bulletin
boards he learned how to find the access phone numbers for other computers, and
how to deal with IDs and passwords. The Handbook was especially useful: it
contained a list of phone numbers that gave access to JANET.
JANET is the earnestly friendly acronym for the Joint Academic Network, a
system that links computers in eighty to ninety universities, polytechnics, and
research centers throughout the United Kingdom. Because it is designed to be
used by students and researchers. the network needs to be relatively open, and
tries to present a friendly face to users: hence the feminine acronym and the
useful tutorial and guide provided by the system when a user types HELP-The
network’s various data banks also contain a wealth of inforrnation on subjects
as dissimilar as military research and theoretical physics. For Nick, however,
the chief appeal of JANET was that it linked a number of ICLs on different
sites around the country. By accessing JANET he could play around on his
favorite computers from his home, just by using his little Commodore.
Nick attempted his first hack in January 1988. He first dialed up a number for
the computer center at Queen Mary College, where he knew there was an ICL 2988.
Because Queen Mary is not far from Nick’s home, the telephone charges would be
lower; also, most colleges are easy targets because they generally have weak
security. He got the dial-up from The Hacker’s Handbook—but that, as he knew,
would only get him to the front door. Access to the QMC computer would be like
gaining entry to the Prestel system. To get inside, Nick would need both a
user-name—a log-in or ID—and a password. The user-name at QMC is an
individual seven-character ID; the password is a one-way encrypted code. (One
way means the code can only be encrypted once and is entirely random; if the
user forgets the password, a new one needs to be created.)
That was the theory, anyway. But Nick knew that some software supplied by ICL
includes a standard, or default, “low-security” user-name, one that doesn’t
require a password. Nick had barned the default user-name from his job and his
constant reading of ICL promotional material, manuals, and security information. And because Queen Mary College had never changed its default
user-name, it had left its back door wide open, making it easy for Nick to
walk right in to the college’s mainframe ICL on his first try.
The sole drawback from Nick’s point of view was that the low-security user-name
gave him only restricted access to the computer. The QMC computer had a strict
hierarchy of user
status, and the environment of low-security users—the areas on the computer
they could enter—was severely limited. Most ordinary users had higher status,
though their environment was usually restricted by the nature of their tasks.
At the apex of the hierarchy, as with Prestel, was the systems manager, who had
access to everything. At QMC the sysman is in complete control of the computer,
assigning status to other users, overseeing the functioning of the system, and
managing the programs and data.
Nick’s objective was to capture sysman status. Without it his options were too
limited, his environment too restricted. He began searching through the files,
using his knowledge of the minutiae of ICL operating systems to find his way
through the electronic pathways of the QMC computer. He ran into walls or traps
designed to keep him out of restricted areas, but he kept trying.
Nick’s hobby, his only one, was collecting unlisted commands for ICL computers.
These are keyboard operations that the company doesn’t document, which can be
discovered by experimentation. Sometimes these got him around the traps and
farther into the system. Slowly he moved through the back alleys of the QMC
systems until finally he was able to access the operator libraries, the
collection of programs that manage the computer. He knew that the keys to
raising his status lay among the programs. He had been hacking for hours by
then, but he didn’t notice the time or his own tiredness. He played with
commands, his little PC sending signals from his bedroom in Enfield through the
telephone lines to the mainframe at QMC. He went through the programs systematically, coaxing the ICL, trying to outsmart the security systems that had
been put in place precisely to stop someone like him. Eventually the machine
yielded. On his first hack Nick had managed to capture system-manager status.
He decided not to play with the QMC computer too much—the capture of sysman
status was too valuable to lose by leaving obvious evidence; also, he needed
QMC as a jumping-off point for other computers on JANET. He roamed about the
QMC computer for a bit, looking at electronic mailboxes and assessing different
files. Then he used his sysman status to create four new user-names, OLAD011,
OLAD024, OLAD028, and OLAD059, which would allow him continual entry to the QMC
machine. He assigned the four user-names to Alan Dolby.
The best part of the JANET network, from Nick’s point of view, was that it was
a freeway: entry into one point on the system gave a direct route to other
points. That meant that he could dial into QMC and then link into other ICLs
at other sites. Conveniently, the ever-friendly network listed the sites on the
system by computer manufacturer, so he knew just where to go to find more ICLs.
One of Nick’s targets was an ICL at Glasgow University in Scotland. Eventually
he linked into Glasgow by logging in as a guest user. He used the same
technique to break into the ICL at Hull University and others in Nottingham,
Belfast, and Bath.
Nick saw hacking as simply a means to play on ICLs. He wasn’t interested in
stealing information from the network, and in fact, he had no real purpose at
all. He was hooked on ICLs and wanted only to be able to work on them, to play
around on the operating system, to explore the complexities of the network. He
told his parents there wasn’t anything illegal in what he was doing, and
technically he was correct: at the time there were no laws in the U.K. that
specifically addressed hacking, and the Gold-Schifreen case had seemed to make
the practice beyond the law.
Once Nick had started hacking the Whiteley family phone bills soared from
around $100 a quarter to over $1,600. But Nick always paid his share. He could
afford to do so because he had no other social life: no expensive habits, no
girlfriends. He went to work came home, and started hacking. He hacked at night
because it fit into his schedule, and also because the phone rates were
cheaper, there was less line noise, and the target computers would be unmanned.
The trick was, he said later, to stay awake; sometimes he hacked all through
the night and then had to go to
work the next morning. His “day” could stretch to twenty-eight hours: first
eight hours at work, then a night spent hacking, then another eight hours at
work trying to stay awake while keeping the printer stuffed with paper and the
tape running in the drive. After a marathon stretch like that he would take the
next night off and go to bed early.
“It was obsessive,” Nick later explained. “Five or six hours can seem like five
minutes.” He drank coffee and Coke and ingested caffeine tablets to keep going.
“When you get into a system, you must keep going. It might take four or five
hours to penetrate the defenses and another four or five hours to protect the
position that has been established. If protection isn’t put into place, then
the earlier work could be wasted.” The challenge was in beating the system;
success came from staying awake. It gave him a feeling of power: he enjoyed
knowing that while the designated sysman thought he controlled the computer, in
fact it was himself, Nick, who had manipulated system-manager status and was
really in control.
Nick compared hacking to a game of chess, a battle of wits between himself and
the system, nothing criminal, just a game.
The excitement comes from knowing that a computer in the bedroom at home can be
used to break into multimillion-dollar installations. There’s the thrill of
exploration, of going around the world electronically. The objective is to try
to gain the highest status within the system, that of system manager, and once
there, to begin making the rules instead of following them. If the system
manager blocks one way in, then you find another. It becomes a game with the
systems manager; the hacker’s goal is simply to try to persuade the computer
that he should have increased privileges.
One person who didn’t see it as a game
Comments (0)