Approaching Zero, Paul Mungo [good summer reads TXT] 📗

(the company is

now controlled by Fujitsu of Japan). Nick was passionate in his admiration for

ICL computers; he never hacked anything else, and both the MoD and MI5 use

them.

 

Whiteley’s ambition was to buy his own ICL: he especially coveted the 3980,

their top-of-the-line mainframe. In his daytime job, he worked on an ICL 2966,

a smaller model, but still a formidable mainframe. Whenever Nick felt his

fellow workers were making fun of him—which he believed they did because he

was only an operator, rather than a real programmer—he would fantasize about

the 3980. It was twenty times faster than the 2966 and could support far more

individual users. But he had to admit that on his salary it would take a long

time to earn the down payment on the almost $2 million purchase price.

 

Nick had originally wanted to be a computer programmer or to work in technical

support. But without a university degree his chances of becoming a programmer

were limited: he would need to go back to college to get the qualifications. So

instead he became an operator, or “tape monkey,” employed to ensure that there

was enough computer tape in the drive and enough paper in the printer to keep

the machinery running. Though he had been offered a promotion to senior

operator, he had turned it down against a vague promise of a job in technical

support sometime in the future.

 

Then nineteen years old, Nick lived with his parents in their home in Enfield

in north London. He was affable, intelligent, and articulate, was generally

casually dressed—sweatshirt, jeans, sneakers—and had nicotine-stained

fingers.

 

Nick’s life became consumed by his passion for the ICL. He was fascinated by

its operating system and by the language—called SCL (System Control Language

used to write its programs. Of course he had to admit that his ambition to buy

an ICL 3980 was pretty unrealistic. Even if he had enough money to buy one, he

would certainly have no use for a computer that was designed for large

businesses. But then he would begin to worry about what would happen if he lost

his job or had to leave the company. Where would he go to work on an ICL then?

In his bedroom in his parents’ house Nick had a personal computer, a Commodore

Amiga 1000, equipped with a modem. He had intended to use the modem to dial in

to electronic bulletin boards—specialist data and information services, like

Prestel but generally run by private individuals. It was never his intention to

start hacking, he says; he thought it would be boring. Nonetheless, he started

reading a guide called The Hacker’s Handbook. The Handbook had been written by

a British hacker known as “Hugo Cornwall” and achieved instant notoriety when

it was first published in March 1985. Guided by the Handbook, he began dialing

into more bulletin boards. (He found that about 20 percent of them had hacker

sections.) With the information he obtained from the Handbook and the bulletin

boards he learned how to find the access phone numbers for other computers, and

how to deal with IDs and passwords. The Handbook was especially useful: it

contained a list of phone numbers that gave access to JANET.

 

JANET is the earnestly friendly acronym for the Joint Academic Network, a

system that links computers in eighty to ninety universities, polytechnics, and

research centers throughout the United Kingdom. Because it is designed to be

used by students and researchers. the network needs to be relatively open, and

tries to present a friendly face to users: hence the feminine acronym and the

useful tutorial and guide provided by the system when a user types HELP-The

network’s various data banks also contain a wealth of inforrnation on subjects

as dissimilar as military research and theoretical physics. For Nick, however,

the chief appeal of JANET was that it linked a number of ICLs on different

sites around the country. By accessing JANET he could play around on his

favorite computers from his home, just by using his little Commodore.

 

Nick attempted his first hack in January 1988. He first dialed up a number for

the computer center at Queen Mary College, where he knew there was an ICL 2988.

 

Because Queen Mary is not far from Nick’s home, the telephone charges would be

lower; also, most colleges are easy targets because they generally have weak

security. He got the dial-up from The Hacker’s Handbook—but that, as he knew,

would only get him to the front door. Access to the QMC computer would be like

gaining entry to the Prestel system. To get inside, Nick would need both a

user-name—a log-in or ID—and a password. The user-name at QMC is an

individual seven-character ID; the password is a one-way encrypted code. (One

way means the code can only be encrypted once and is entirely random; if the

user forgets the password, a new one needs to be created.)

That was the theory, anyway. But Nick knew that some software supplied by ICL

includes a standard, or default, “low-security” user-name, one that doesn’t

require a password. Nick had barned the default user-name from his job and his

constant reading of ICL promotional material, manuals, and security information. And because Queen Mary College had never changed its default

user-name, it had left its back door wide open, making it easy for Nick to

walk right in to the college’s mainframe ICL on his first try.

 

The sole drawback from Nick’s point of view was that the low-security user-name

gave him only restricted access to the computer. The QMC computer had a strict

hierarchy of user

status, and the environment of low-security users—the areas on the computer

they could enter—was severely limited. Most ordinary users had higher status,

though their environment was usually restricted by the nature of their tasks.

At the apex of the hierarchy, as with Prestel, was the systems manager, who had

access to everything. At QMC the sysman is in complete control of the computer,

assigning status to other users, overseeing the functioning of the system, and

managing the programs and data.

 

Nick’s objective was to capture sysman status. Without it his options were too

limited, his environment too restricted. He began searching through the files,

using his knowledge of the minutiae of ICL operating systems to find his way

through the electronic pathways of the QMC computer. He ran into walls or traps

designed to keep him out of restricted areas, but he kept trying.

 

Nick’s hobby, his only one, was collecting unlisted commands for ICL computers.

 

These are keyboard operations that the company doesn’t document, which can be

discovered by experimentation. Sometimes these got him around the traps and

farther into the system. Slowly he moved through the back alleys of the QMC

systems until finally he was able to access the operator libraries, the

collection of programs that manage the computer. He knew that the keys to

raising his status lay among the programs. He had been hacking for hours by

then, but he didn’t notice the time or his own tiredness. He played with

commands, his little PC sending signals from his bedroom in Enfield through the

telephone lines to the mainframe at QMC. He went through the programs systematically, coaxing the ICL, trying to outsmart the security systems that had

been put in place precisely to stop someone like him. Eventually the machine

yielded. On his first hack Nick had managed to capture system-manager status.

 

He decided not to play with the QMC computer too much—the capture of sysman

status was too valuable to lose by leaving obvious evidence; also, he needed

QMC as a jumping-off point for other computers on JANET. He roamed about the

QMC computer for a bit, looking at electronic mailboxes and assessing different

files. Then he used his sysman status to create four new user-names, OLAD011,

OLAD024, OLAD028, and OLAD059, which would allow him continual entry to the QMC

machine. He assigned the four user-names to Alan Dolby.

 

The best part of the JANET network, from Nick’s point of view, was that it was

a freeway: entry into one point on the system gave a direct route to other

points. That meant that he could dial into QMC and then link into other ICLs

at other sites. Conveniently, the ever-friendly network listed the sites on the

system by computer manufacturer, so he knew just where to go to find more ICLs.

 

One of Nick’s targets was an ICL at Glasgow University in Scotland. Eventually

he linked into Glasgow by logging in as a guest user. He used the same

technique to break into the ICL at Hull University and others in Nottingham,

Belfast, and Bath.

 

Nick saw hacking as simply a means to play on ICLs. He wasn’t interested in

stealing information from the network, and in fact, he had no real purpose at

all. He was hooked on ICLs and wanted only to be able to work on them, to play

around on the operating system, to explore the complexities of the network. He

told his parents there wasn’t anything illegal in what he was doing, and

technically he was correct: at the time there were no laws in the U.K. that

specifically addressed hacking, and the Gold-Schifreen case had seemed to make

the practice beyond the law.

 

Once Nick had started hacking the Whiteley family phone bills soared from

around $100 a quarter to over $1,600. But Nick always paid his share. He could

afford to do so because he had no other social life: no expensive habits, no

girlfriends. He went to work came home, and started hacking. He hacked at night

because it fit into his schedule, and also because the phone rates were

cheaper, there was less line noise, and the target computers would be unmanned.

 

The trick was, he said later, to stay awake; sometimes he hacked all through

the night and then had to go to

work the next morning. His “day” could stretch to twenty-eight hours: first

eight hours at work, then a night spent hacking, then another eight hours at

work trying to stay awake while keeping the printer stuffed with paper and the

tape running in the drive. After a marathon stretch like that he would take the

next night off and go to bed early.

 

“It was obsessive,” Nick later explained. “Five or six hours can seem like five

minutes.” He drank coffee and Coke and ingested caffeine tablets to keep going.

 

“When you get into a system, you must keep going. It might take four or five

hours to penetrate the defenses and another four or five hours to protect the

position that has been established. If protection isn’t put into place, then

the earlier work could be wasted.” The challenge was in beating the system;

success came from staying awake. It gave him a feeling of power: he enjoyed

knowing that while the designated sysman thought he controlled the computer, in

fact it was himself, Nick, who had manipulated system-manager status and was

really in control.

 

Nick compared hacking to a game of chess, a battle of wits between himself and

the system, nothing criminal, just a game.

 

The excitement comes from knowing that a computer in the bedroom at home can be

used to break into multimillion-dollar installations. There’s the thrill of

exploration, of going around the world electronically. The objective is to try

to gain the highest status within the system, that of system manager, and once

there, to begin making the rules instead of following them. If the system

manager blocks one way in, then you find another. It becomes a game with the

systems manager; the hacker’s goal is simply to try to persuade the computer

that he should have increased privileges.

 

One person who didn’t see it as a game