Hey, It’s Not Rocket Science; It’s Computer Cracking
“At Large: The Strange Case of the World’s Biggest Internet Invasion” by David H. Freedman and Charles C. Mann (Simon & Schuster, 315 pp., $27.95)
Despite the impressions left by countless bad movies, breaking into computer networks isn’t like rocket science. For one thing, computers are a lot cheaper than rockets. For another, computers don’t blow up when you type in the wrong command, so you can afford to keep trying different commands until something works. Soon, everybody thinks you’re a genius with machines when you are just a person of average intelligence and above-average tenacity.
Or you might be someone of below-average intelligence and a level of determination bordering on the lunatic. Such a person, if he or she decided to devote the time to electronic breaking and entering, might prove to be just about unstoppable.
That’s the dismaying truth behind “At Large,” a fascinating book about a series of computer break-ins that may have been the most extensive so far detected. Unlike more famous computer crackers like Kevin Mitnick and Kevin Poulsen, the perpetrator in this case has never become famous. In fact, authors David H. Freedman and Charles C. Mann never even identify him. It turns out the cops decided not to prosecute, once they got a good look at the perpetrator.
The trouble started in the spring of 1991, when a computer network manager at Portland State University in Oregon realized that his system had been penetrated by someone calling himself Phantomd. The cracker (not a hacker - hackers are good guys) didn’t seem to be particularly clever in his ways of sneaking into the system. But he was amazingly persistent, often working 20 hours a day to break in.
Month after month, he found new security holes in the network, which he used to gain access to other networks ranging from MIT to NASA, from the national research labs at Los Alamos to the chipmaker Intel Corp. And everywhere he went, Phantomd, who later changed his handle to Infomaster, was able to plant secret “Trojan horse” programs that in turn collected vast amounts of data that he could use to raid still more networks. He even broke into a supercomputer owned by Cambridge, Mass.-based Thinking Machines Inc. just so that he could use it to crack passwords he’d swiped from other machines.
After months of futile attempts to warn network operators nationwide about these incursions, the problem at Portland State finally attracted the attention of the FBI. Just then the agency was trying to put together the beginnings of a computer-crime unit, but the officials needed a good, juicy case to prove the need for such an enterprise. The Infomaster affair seemed perfect. Somebody was essentially running wild through dozens of America’s most sensitive computer networks. Oddly, there was no evidence that the person doing it was trying to steal national secrets, or even credit-card numbers. But Infomaster could have destroyed sensitive information worth billions if he’d wanted to. This evil genius had to be stopped.
Only he wasn’t a genius. Not even close. When the FBI came calling for Infomaster, in late 1992, they found an asthmatic 20-year-old from a broken home, afflicted with viral hepatitis and learning disabilities. Well into his teens, this young man had barely been able to write his own name, and he’d once been hospitalized as a schizophrenic. In computers, the young man had found the only thing in his life he’d been able to master, and it was only to demonstrate this mastery that he’d committed all those electronic break-ins.
The feds had hoped to set a precedent by slapping Infomaster with a long stretch in federal prison, but they couldn’t imagine sending this poor fellow to such a fate.
Infomaster and many other denizens of the cracker underground simply concentrate on exploiting well-known weaknesses in Unix, the operating system that controls most of the computers that run the Internet and many corporate networks. Many Unix flaws are well documented, but these flaws often go unrepaired by network managers who lack the time or the know-how to do it properly.
All Infomaster had to do was learn these loopholes, usually by wheedling the information from other crackers he met on the Internet. Then he’d go to work, often for days at a time without sleep. On a network that might have hundreds of computers attached, he’d only have to find a weakness in one machine, and then the entire network would be at his mercy.
“At Large” left me with a grumpy, unsatisfied feeling - just as it was supposed to. The criminal walked away scot-free, and by now could well be engaged in the same old exploits. Meanwhile, the tricks of his craft are public knowledge, available to any visitor to the many cracker Web sites on the Internet. Maybe another Infomaster is hard at work right now - just as untalented as the first, but with far nastier motives.