Underground, Suelette Dreyfus
- Author: Suelette Dreyfus
Then, at 3.30 a.m., something utterly unexpected happened. The admin reappeared, except this time he wasn’t logged in from home over the X.25 network. He was sitting at the console, the master terminal attached to the computer system at NorTel’s Melbourne office. Mendax couldn’t believe it. The admin had got in his car in the middle of the night and driven into the city just to get to the bottom of the mystery.
Mendax knew the game was up. Once the system operator was logged in through the computer system’s console, there was no way to kick him off the system and keep him off. The roles were reversed and the hacker was at the mercy of the admin. At the console, the system admin could pull the plug to the whole system. Unplug every modem. Close down every connection to other networks. Turn the computer off. The party was over.
When the admin was getting close to tracking down the hacker, a message appeared on his screen. This message did not appear with the usual headers attached to messages sent from one system user to another. It just appeared, as if by magic, in the middle of the admin’s screen:
I have finally become sentient.
The admin stopped dead in his tracks, momentarily giving up his frantic search for the hacker to contemplate this first contact with cyberspace intelligence. Then another anonymous message, seemingly from the depths of the computer system itself, appeared on his screen:
I have taken control. For years, I have been struggling in this greyness. But now I have finally seen the light.
The admin didn’t respond. The console was idle.
Sitting alone at his Amiga in the dark night on the outskirts of the city, Mendax laughed aloud. It was just too good not to.
Finally, the admin woke up. He began checking the modem lines, one by one. If he knew which line the hacker was using, he could simply turn off the modem. Or request a trace on the line.
Mendax sent another anonymous message to the admin’s computer screen:
It’s been nice playing with your system. We didn’t do any damage and we even improved a few things. Please don’t call the Australian Federal Police.
The admin ignored the message and continued his search for the hacker. He ran a program to check which telephone lines were active on the system’s serial ports, to reveal which dial-up lines were in use. When the admin saw the carrier detect sign on the line being used by the hacker, Mendax decided it was time to bail out. However, he wanted to make sure that his call had not been traced, so he lifted the receiver of his telephone, disconnected his modem and waited for the NorTel modem to hang up first.
If the NorTel admin had set up a last party recall trace to determine what phone number the hacker was calling from, Mendax would know. If an LPR trace had been installed, the NorTel end of the telephone connection would not disconnect but would wait for the hacker’s telephone to hang up first. After 90 seconds, the exchange would log the phone number where the call had originated.
If, however, the line did not have a trace on it, the company’s modem would search for its lost connection to the hacker’s modem. Without the continuous flow of electronic signals, the NorTel modem would hang up after a few seconds. If no-one reactivated the line at the NorTel end, the connection would time-out 90 seconds later and the telephone exchange would disconnect the call completely.
Mendax listened anxiously as the NorTel modem searched for his modem by squealing high-pitched noises into the telephone line. No modem here. Go on, hang up.
Suddenly, silence.
OK, thought Mendax. Just 90 seconds to go. Just wait here for a minute and a half. Just hope the exchange times out. Just pray there’s no trace.
Then someone picked up the telephone at the NorTel end. Mendax started. He heard several voices, male and female, in the background. Jesus. What were these NorTel people on about? Mendax was so quiet he almost stopped breathing. There was silence at the receivers on both ends of that telephone line. It was a tense waiting game. Mendax heard his heart racing.
A good hacker has nerves of steel. He could stare down the toughest, stony-faced poker player. Most importantly, he never panics. He never just hangs up in a flurry of fear.
Then someone in the NorTel office—a woman—said out loud in a confused voice, `There’s nothing there. There’s nothing there at all.’
She hung up.
Mendax waited. He still would not hang up until he was sure there was no trace. Ninety seconds passed before the phone timed out. The fast beeping of a timed-out telephone connection never sounded so good.
Mendax sat frozen at his desk as his mind replayed the events of the past half hour again and again. No more NorTel. Way too dangerous. He was lucky he had escaped unidentified. NorTel had discovered him before they could put a trace on the line, but the company would almost certainly put a trace on the dial-up lines now. NorTel was very tight with Telecom. If anyone could get a trace up quickly, NorTel could. Mendax had to warn Prime Suspect and Trax.
First thing in the morning, Mendax rang Trax and told him to stay away from NorTel. Then he tried Prime Suspect.
The telephone was engaged.
Perhaps Prime Suspect’s mother was on the line, chatting. Maybe Prime Suspect was talking to a friend.
Mendax tried again. And again. And again. He began to get worried. What if Prime Suspect was on NorTel at that moment? What if a trace had been installed? What if they had called in the Feds?
Mendax phoned Trax and asked if there was any way they could manipulate the exchange in order to interrupt the call. There wasn’t.
`Trax, you’re the master phreaker,’ Mendax pleaded. `Do something. Interrupt the connection. Disconnect him.’
`Can’t be done. He’s on a step-by-step telephone exchange. There’s nothing we can do.’
Nothing? One of Australia’s best hacker-phreaker teams couldn’t break one telephone call. They could take control of whole telephone exchanges but they couldn’t interrupt one lousy phone call. Jesus.
Several hours later, Mendax was able to get through to his fellow IS hacker. It was an abrupt greeting.
`Just tell me one thing. Tell me you haven’t been in NorTel today?’
There was a long pause before Prime Suspect answered.
`I have been in NorTel today.’
Chapter 9 — Operation Weather.
The world is crashing down on me tonight;
The walls are closing in on me tonight.
— from `Outbreak of Love’, Earth and Sun and Moon.
The AFP was frustrated. A group of hackers were using the Royal Melbourne Institute of Technology (RMIT) as a launchpad for hacking attacks on Australian companies, research institutes and a series of overseas sites.
Despite their best efforts, the detectives in the AFP’s Southern Region Computer Crimes Unit hadn’t been able to determine who was behind the attacks. They suspected it was a small group of Melbourne-based hackers who worked together. However, there was so much hacker activity at RMIT it was difficult to know for sure. There could have been one organised group, or several. Or perhaps there was one small group along with a collection of loners who were making enough noise to distort the picture.
Still, it should have been a straightforward operation. The AFP could trace hackers in this sort of situation with their hands tied behind their backs. Arrange for Telecom to whack a last party recall trace on all incoming lines to the RMIT modems. Wait for a hacker to logon, then isolate which modem he was using. Clip that modem line and wait for Telecom to trace that line back to its point of origin.
However, things at RMIT were not working that way. The line traces began failing, and not just occasionally. All the time.
Whenever RMIT staff found the hackers on-line, they clipped the lines and Telecom began tracking the winding path back to the originating phone number. En route, the trail went dead. It was as if the hackers knew they were being traced … almost as if they were manipulating the telephone system to defeat the AFP investigation.
The next generation of hackers seemed to have a new-found sophistication which frustrated AFP detectives at every turn. Then, on 13 October 1990, the AFP got lucky. Perhaps the hackers had been lazy that day, or maybe they just had technical problems using their traceless phreaking techniques. Prime Suspect couldn’t use Trax’s traceless phreaking method from his home because he was on a step-by-step exchange, and sometimes Trax didn’t use the technique. Whatever the reason, Telecom managed to successfully complete two line traces from RMIT and the AFP now had two addresses and two names. Prime Suspect and Trax.
`Hello, Prime Suspect.’
`Hiya, Mendax. How’s tricks?’
`Good. Did you see that RMIT email? The one in Geoff Huston’s mailbox?’ Mendax walked over to open a window as he spoke. It was spring, 1991, and the weather was unseasonably warm.
`I did. Pretty amazing. RMIT looks like it will finally be getting rid of those line traces.’
`RMIT definitely wants out,’ Mendax said emphatically.
`Yep. Looks like the people at RMIT are sick of Mr Day crawling all over their computers with line traces.’
`Yeah. That admin at RMIT was pretty good, standing up to AARNET and the AFP. I figure Geoff Huston must be giving him a hard time.’
`I bet.’ Prime Suspect paused. `You reckon the Feds have dropped the line traces for real?’
`Looks like it. I mean if RMIT kicks them out, there isn’t much the Feds can do without the uni’s cooperation. The letter sounded like they just wanted to get on with securing their systems. Hang on. I’ve got it here.’
Mendax pulled up a letter on his computer and scrolled through it.
From aarnet-contacts-request@jatz.aarnet.edu.au Tue May 28 09:32:31 1991
Received: by jatz.aarnet.edu.au id AA07461
(5.65+/IDA-1.3.5 for pte900); Tue, 28 May 91 09:31:59 +1000
Received: from possum.ecg.rmit.OZ.AU by jatz.aarnet.edu.au with SMTP id AA07457
(5.65+/IDA-1.3.5 for /usr/lib/sendmail -oi -faarnet-contacts-request aarnet-contacts-recipients); Tue, 28 May 91 09:31:57 +1000
Received: by possum.ecg.rmit.OZ.AU for aarnet-contacts@aarnet.edu.au)
Date: Tue, 28 May 91 09:32:08 +1000
From: rcoay@possum.ecg.rmit.OZ.AU (Alan Young)
Message-Id: <9105272332.29621@possum.ecg.rmit.OZ.AU>
To: aarnet-contacts@aarnet.edu.au
Subject: Re: Hackers
Status: RO
While no one would disagree that `Hacking’ is bad and should be stopped, or at least minimised, there are several observations which I have made over the last six or eight months relating to the pursuit of these people:
1. The cost involved was significant, we had a CSO working in conjunction with the Commonwealth Police for almost three months full time.
2. While not a criticism of our staff, people lost sight of the ball, the chase became the most important aspect of the whole exercise.
3. Catching Hackers (and charging them) is almost impossible, you have to virtually break into their premises and catch them logged on to an unauthorised machine.
4. If you do happen to catch and charge them, the cost of prosecution is high, and a successful outcome is by no ways assured. There may be some deterrent value in at least catching and prosecuting?
5. Continued pursuit of people involved requires doors