Underground, Suelette Dreyfus [ebook reader online .txt] 📗

has taken advantage of this lack of distinction, and the result has been a steady stream of look-see hackers being charged with the most serious computer crime offences.

Parliament makes the laws. Government institutions such as the AFP, the DPP and the courts interpret and apply those laws. The AFP and to some extent the DPP have applied the strict letter of the law correctly in most of the hacking cases described in this book. They have, however, missed the intention of the law. Change the law and they may behave differently. Make look-see hacking a minor offence and the institutions will stop going after the soft targets and hopefully spend more time on the real criminals.

I have seen some of these hackers up close, studied them for two years and learned a bit about what makes them tick. In many ways, they are quintessentially Australian, always questioning authority and rebelling against `the establishment’. They’re smart—in some cases very smart. A few might even be classified as technical geniuses. They’re mischievous, but also very enterprising. They’re rebels, public nuisances and dreamers.

Most of all, they know how to think outside the box.

This is not a flaw. Often, it is a very valuable trait—and one which pushes society forward into new frontiers. The question shouldn’t be whether we want to crush it but how we should steer it in a different direction.

END

If you would like to comment on this book, please write to feedback@underground-book.com. All comments are passed onto Dreyfus & Assange. Underground — Glossary and Abbreviations.

AARNET Australian Academic Research Network

ACARB Australian Computer Abuse Research Bureau, once called CITCARB

AFP Australian Federal Police

Altos West German chat system and hacker hang-out, connected to X.25 network and run by Altos Computer Systems, Hamburg

ANU Australian National University

ASIO Australian Security Intelligence Organisation

Backdoor A program or modification providing secret access to a computer system, installed by a hacker to bypass normal security. Also used as a verb

BBS Bulletin Board System

BNL Brookhaven National Laboratory (US)

BRL Ballistics Research Laboratory (US)

BT British Telecom

CCITT Committee Consultatif Internationale Telegraph et Telephonie: Swiss telecommunications standards body (now defunct; see ITU)

CCS Computer Crime Squad

CCU Computer Crimes Unit (Australian Federal Police)

CERT Computer Emergency Response Team

CIAC Computer Incident Advisory Capability: DOE’s computer security team

CITCARB Chisholm Institute of Technology Computer Abuse Research Bureau (now defunct. See ACARB)

COBE Cosmic Background Explorer project: a NASA research project

DARPA Defense Advanced Research Projects Agency (US)

DCL Digital Command Language, a computer programming language used on VMS computers

DDN Defense Data Network

DEC Digital Equipment Corporation

DECNET A network protocol used to convey information between (primarily) VAX/VMS machines

DEFCON (a) Defense Readiness Conditions, a system of progressive alert postures in the US; (b) the name of Force’s computer program which automatically mapped out computer networks and scanned for accounts

DES Data Encryption Standard, an encryption algorithm developed by IBM, NSA and NIST

Deszip Fast DES Unix password-cracking system developed by Matthew Bishop

Dial-up Modem access point into a computer or computer network

DMS-100 Computerised telephone switch (exchange) made by NorTel

DOD Department of Defense (US)

DOE Department of Energy (US)

DPP Director of Public Prosecutions

DST Direction de la Surveillance du Territoire— French secret service agency

EASYNET Digital Equipment Corporation’s internal communication network (DECNET)

GTN Global Telecommunications Network: Citibank’s international data network

HEPNET High Energy Physics Network: DECNET-based network, primarily controlled by DOE, connected to NASA’s SPAN

IID Internal Investigations Division. Both the Victoria Police and the AFP have an IID

IP Internet Protocol (RFC791): a data communications protocol, used to transmit packets of data between computers on the Internet

IS International Subversive (electronic magazine)

ISU Internal Security Unit: anti-corruption unit of the Victoria Police

ITU International Telecommunications Union, the international telecommunications standards body

JANET Joint Academic Network (UK), a network of computers

JPL Jet Propulsion Laboratory—a California-based NASA research centre affiliated with CalTech

LLNL Lawrence Livermore National Laboratory (US)

LOD Legion of Doom

Lutzifer West German computer, connected to the X.25 network, which had a chat facility

MFC Multi Frequency Code (Group III): inter-exchange telecommunications system used by Telstra (Telecom)

MILNET Military Network: TCP/IP unclassified US DOD computer network

MOD Masters of Deception (or Destruction)

Modem Modulator De-modulator: a device used to transmit computer data over a regular telephone line

NCA National Crime Authority

Netlink A Primos/Dialcom command used to initiate a connection over an X.25 network

NIST National Institute of Standards (US)

NIC Network Information Center (US), run by DOD: a computer which assigned domain names for the Internet.

NRL Naval Research Laboratory (US)

NSA National Security Agency (US)

NUA Network User Address: the `telephone’ number of a computer on an X.25 network

NUI Network User Identifier (or Identification): combined username/password used on X.25 networks for billing purposes

NorTel Northern Telecom, Canadian manufacturer of telecommunications equipment

PABX Private Automatic Branch Exchange

PAD Packet Assembler Disassembler—ASCII gateway to X.25 networks

PAR `PAR?’—command on PAD to display PAD parameters

RMIT Royal Melbourne Institute of Technology

RTG Radioisotope Thermoelectric Generator, space probe Galileo’s plutonium-based power system

RTM Robert Tappan Morris (Jr), the Cornell University student who wrote the Internet worm, also known as the RTM worm

Scanner A program which scans and compiles information, such as a list of NUAs

SPAN Space Physics Analysis Network: global DECNET- based network, primarily controlled by NASA

Sprint US telecommunications company, an X.25 network provider

Sprinter Word used by some Australian and English hackers to denote scanner. Derived from scanning attacks on Sprint communications

Sprintnet X.25 network controlled by Sprint communications

Sun Sun Microsystems—a major producer of Unix workstations

TCP Transmission Control Protocol (RFC793): a standard for data connection between two computers on the Internet

TELENET An X.25 network, DNIC 3110

Telnet A method of connection between two computers on the Internet or other TCP/IP networks

Trojan A program installed by hackers to secretly gather information, such as passwords. Can also be a backdoor

Tymnet An X.25 network controlled by MCI, DNIC 3106

Unix Multi-user computer operating system developed by AT&T and Berkeley CSRG

VAX Virtual Address Extension: series of mini/mainframe computer systems produced by DEC

VMS Virtual Memory System: computer operating system produced by DEC and used on its VAX machines

WANK Worms Against Nuclear Killers: the title of DECNET/VMS-based worm released into SPAN/DEC/HEPNET in 1989

X.25 International data communications network, using the X.25 communications protocol. Network is run primarily by major telecommunications companies. Based on CCITT standard # X.25

Zardoz A restricted computer security mailing list

Notes.

Chapter 1

1. Words And Music by Rob Hirst/Martin Rotsey/James Moginie/Peter Garrett/Peter Gifford. (c) Copyright 1982 Sprint Music. Administered for the World—Warner/ Chappell Music Australia Pty Ltd. Used By Permission.

2. I have relied on numerous wire service reports, particularly those of UPI Science Reporter William Harwood, for many of my descriptions of Galileo and the launch.

3. William Harwood, `NASA Awaits Court Ruling on Shuttle Launch Plans’, UPI, 10 October 1989.

4. William Harwood, `Atlantis “Go” for Tuesday Launch’, UPI, 16 October 1989.

5. Ibid.

6. From NASA’s World Wide Web site.

7. Thomas A. Longstaff and E. Eugene Schulz, `Analysis of the WANK and OILZ Worms’, Computer and Security, vol. 12, no. 1, February 1993, p.

64.

8. Katie Haffner and John Markoff, Cyberpunk, Corgi, London 1994, p.

363.

9. The Age, 22 April 1996, reprinted from The New York Times.

10. DEC, Annual Report, 1989, listed in `SEC Online’.

11. GEMTOP was corrected to GEMPAK in a later advisory by CIAC.

12. `Officially’ was spelled incorrectly in the original banner.

13. This advisory is printed with the permission of CIAC and Kevin Oberman. CIAC requires the publication of the following disclaimer:

This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government, nor the University of California, nor any of their employees makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favouring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes.

14. Michael Alexander and Maryfran Johnson, `Worm Eats Holes in NASA’s Decnet’, Computer World, 23 October 1989, p. 4.

15. Ibid.

16. William Harwood, `Shuttle Launch Rained Out’, UPI, 17 October

1989.

17. Vincent Del Guidice, `Atlantis Set for Another Launch Try’, UPI, 18 October 1989.

18. William Harwood, `Astronauts Fire Galileo on Flight to Jupiter’, UPI, 18 October 1989.

Chapter 2

1. Words And Music by Rob Hirst/James Moginie. (c) Copyright 1985 Sprint Music. Administered for the World—Warner/Chappell Music Australia Pty Ltd. Used By Permission.

2. FIRST was initially called CERT System. It was an international version of CERT, the Computer Emergency Response Team, funded by the US Department of Defense and run out of Carnegie Mellon University.

3. OTC was later merged with Telecom to become Telstra.

4. Stuart Gill is described in some detail in Operation Iceberg; Investigation of Leaked Confidential Police Information and Related Matters, Ordered to be printed by the Legislative Assembly of Victoria, October 1993.

Chapter 3

1. Words And Music by Peter Garrett/James Moginie. (c) Copyright 1982 Sprint Music. Administered for the World—Warner/Chappell Music Australia Pty Ltd. Used By Permission.

Chapter 4

1. Words And Music by Peter Garrett/James Moginie/Martin Rotsey. (c) Copyright 1980 Sprint Music. Administered for the World—Warner/Chappell Music Australia Pty Ltd. Used By Permission.

Chapter 5

1. Words And Music by Rob Hirst/James Moginie. (c) Copyright 1989 Sprint Music. Administered for the World—Warner/ Chappell Music Australia Pty Ltd. Used By Permission.

2. The full text of the articles, used by permission News Ltd and Helen Meredith, is:

3. From Operation Iceberg; Investigations and Recommendations into Allegations of Leaked Confidential Police Information, included as Appendix 1 in the report of the Deputy Ombudsman, Operation Iceberg; Investigation of Leaked Confidential Police Information and Related Matters.

4. Ibid., pp. 26-7.

5. Michael Alexander, `International Hacker “Dave” Arrested’, Computer World, 9 April 1990, p. 8.

6. Matthew May, `Hacker Tip-Off’, The Times, 5 April 1990; Lou Dolinar, `Australia Arrests Three in Computer Break-Ins’, Newsday, 3 April 1990.

Chapter 6

1. Words And Music by Rob Hirst/James Moginie/Peter Garrett. (c) Copyright 1978 Sprint Music. Administered for the World—Warner/Chappell Music Australia Pty Ltd. Used By Permission.

Chapter 7

1. Words And Music by Peter Garrett/James Moginie/Rob Hirst. (c) Copyright 1988 Sprint Music. Administered for the World—Warner/Chappell Music Australia Pty Ltd. Used By Permission.

2. Rupert Battcock, `The Computer Misuse Act Five years on—the Record since 1990’, paper, Strathclyde University, Glasgow, UK.

3. For the British material in this chapter, I have relied on personal interviews, media reports (particularly for the Wandii case), journal articles, academic papers and commission reports.

4. Colin Randall, `Teenage Computer Hacker “Caused Worldwide Chaos”’, Daily Telegraph, 23 February 1993.

5. The local phone company agreed to reduce the bill to [sterling]3000, EORTIC information systems manager Vincent Piedboeuf told the court.

6. Susan Watts, `Trial Haunted by Images of Life in the Twilight Zone’, The Independent, 18 March 1993.

7. Toby Wolpe, `Hacker Worked on Barclay’s Software’, Computer Weekly, 4 March 1993.

8. David Millward, `Computer Hackers Will be Pursued, Vow Police’, Daily Telegraph, 19 March 1993.

9. Chester Stern, `Hackers’ Threat to Gulf War Triumph’, Mail on