Dancing to techno-music released him. Dancing to it on drugs cleared his mind completely, made him feel possessed by the music. Techno was musical nihilism; no message, and not much medium either. Fast, repetitive, computer-synthesised beats, completely stripped of vocals or any other evidence of humanity. He liked to go to techno-night at The Lounge, a city club, where people danced by themselves, or in small, loose groups of four or five. Everyone watched the video screen which provided an endless stream of ever-changing, colourful computer-generated geometric shapes pulsing to the beat.
Prime Suspect never told his mother he was going to a rave. He just said he was going to a friend's for the night. In between the drugs, he attended his computer science courses at TAFE and worked at the local supermarket so he could afford his weekly $60 ecstasy tablet, $20 rave entry fee and regular baggy of marijuana.
Over time, the drugs became less and less fun. Then, one Sunday, he came down off some speed hard. A big crash. The worst he had ever experienced. Depression set in, and then paranoia. He knew the police were still watching him. They had followed him before.
At his police interviews, he learned that an AFP officer had followed him to an AC/DC concert less than two weeks before he had been busted. The officer told him the AFP wanted to know what sort of friends Prime Suspect associated with—and the officer had been treated to the spectre of seven other arm-waving, head-thumping, screaming teenagers just like Prime Suspect himself.
Now Prime Suspect believed that the AFP had started following him again. They were going to raid him again, even though he had given up hacking completely. It didn't make sense. He knew the premonition was illogical, but he couldn't shake it.
Something bad—very, very bad—was going to happen any day. Overcome with a great sense of impending doom, he lapsed into a sort of hysterical depression. Feeling unable to prevent the advent of the dark, terrible event which would tear apart his life yet again, he reached out to a friend who had experienced his own personal problems. The friend guided him to a psychologist at the Austin Hospital. Prime Suspect decided that there had to be a better way to deal with his problems than wasting himself every weekend. He began counselling.
The counselling made him deal with all sorts of unresolved business. His father's death. His relationship with his mother. How he had evolved into an introvert, and why he was never comfortable talking to people. Why he hacked. How he became addicted to hacking. Why he took up drugs.
At the end, the 21-year-old Prime Suspect emerged drug-free and, though still shaky, on the road to recovery. The worst he had to wait for were the charges from the AFP.
Trax's recovery from his psychological instabilities wasn't as definitive. From 1985, Trax had suffered from panic attacks, but he didn't want to seek professional help—he just ran away from the problem. The situation only became worse after he was involved in a serious car accident. He became afraid to leave the house at night. He couldn't drive. Whenever he was in a car, he had to fight an overwhelming desire to fling the door open and throw himself out on to the road. In 1989, his local GP referred Trax to a psychiatrist, who tried to treat the phreaker's growing anxiety attacks with hypnosis and relaxation techniques.
Trax's illness degenerated into full-fledged agoraphobia, a fear of open spaces. When he rang the police in late October 1991—just days before the AFP raid—his condition had deteriorated to the point where he could not comfortably leave his own house.
Initially he rang the state police to report a death threat made against him by another phreaker. Somewhere in the conversation, he began to talk about his own phreaking and hacking. He hadn't intended to turn himself in but, well, the more he talked, the more he had to say. So many things had been weighing on his mind. He knew that Prime Suspect had probably been traced from NorTel as a result of Mendax's own near miss in that system. And Prime Suspect and Mendax had been so active, breaking into so many systems, it was almost as if they wanted to be caught.
Then there was Prime Suspect's plan to write a destructive worm, which would wipe systems en route. It wasn't really a plan per se, more just an idea he had toyed with on the phone. Nonetheless, it had scared Trax. He began to think all three IS hackers were getting in too deep and he wanted out.
He tried to stop phreaking, even going so far as to ask Telecom to change his telephone number to a new exchange which he knew would not allow him to make untraceable calls. Trax reasoned that if he knew he could be traced, he would stop phreaking and hacking.
For a period, he did stop. But the addiction was too strong, and before long he was back at it again, regardless of the risk. He ran a hidden cable from his sister's telephone line, which was on the old exchange. His inability to stop made him feel weak and guilty, and even more anxious about the risks. Perhaps the death threat threw him over the edge. He couldn't really understand why he had turned himself in to the police. It had just sort of happened.
The Victoria Police notified the AFP. The AFP detectives must have been slapping their heads in frustration. Here was Australia's next big hacker case after The Realm, and they had expected to make a clean bust. They had names, addresses, phone numbers. They had jumped through legal hoops to get a telephone tap. The tap was up and running, catching every target computer, every plot, every word the hackers said to each other. Then one of their targets goes and turns himself in to the police. And not even to the right police—he goes to the Victoria Police. In one fell swoop, the hacker was going to take down the entire twelve-month Operation Weather investigation.
The AFP had to move quickly. If Trax tipped off the other two IS hackers that he had called the police, they might destroy their notes, computer files—all the evidence the AFP had hoped to seize in raids.
When the AFP swooped in on the three hackers, Mendax and Prime Suspect had refused to be interviewed on the night. Trax, however, had spent several hours talking to the police at his house.
He told the other IS hackers that the police had threatened to take him down to AFP headquarters—despite the fact that they knew leaving his house caused him anxiety. Faced with that prospect, made so terrifying by his psychiatric illness, he had talked.
Prime Suspect and Mendax didn't know how much Trax had told the police, but they didn't believe he would dob them in completely. Apart from anything else, he hadn't been privy to much of his colleagues' hacking. They hadn't tried to exclude Trax, but he was not as sophisticated a hacker and therefore didn't share in many of their exploits.
In fact, one thing Trax did tell the police was just how sophisticated the other two IS hackers had become just prior to the bust. Prime Suspect and Mendax were, he said, `hackers on a major scale, on a huge scale—something never achieved before', and the AFP had sat up and taken notice.
After the raids, Trax told Mendax that the AFP had tried to recruit him as an informant. Trax said that they had even offered him a new computer system, but he had been non-committal. And it seemed the AFP was still keeping tabs on the IS hackers, Trax also told Mendax. The AFP officers had heard Mendax had gone into hospital and they were worried. There seemed to be a disturbing pattern evolving.
On the subject of the IS raids, Trax told Mendax that the AFP felt it didn't have any choice. Their attitude was: you were doing so much, we had to bust you. You were inside so many systems, it was getting out of control.
In any case, by December 1991 Mendax had agreed to a police interview, based on legal advice. Ken Day interviewed Mendax, and the hacker was open with Day about what he had done. He refused, however, to implicate either Trax or Prime Suspect. In February 1992, Prime Suspect followed suit, with two interviews. He was also careful about what he said regarding his fellow hackers. Mendax was interviewed a second time, in February 1992, as was Trax in August.
After the raid, Trax's psychiatric condition remained unstable. He changed doctors and began receiving home visits from a hospital psychiatric service. Eventually, a doctor prescribed medication.
The three hackers continued to talk on the phone, and see each other occasionally. One or the other might drop out of communication for a period, but would soon return to the fold. They helped each other and they maintained their deep anti-establishment sentiments.
After the charges arrived in the mail, they called each other to compare notes. Mendax thought out loud on the phone to Prime Suspect, `I guess I should get a lawyer'.
`Yeah. I got one. He's lining up a barrister too.'
`They any good?' Mendax asked.
`Dunno. I guess so. The solicitor works at Legal Aid, an in-house guy. I've only met them a few times.'
`Oh,' Mendax paused. `What are their names?'
`John McLoughlin and Boris Kayser. They did Electron's case.'
Trax and Prime Suspect decided to plead guilty. Once they saw the overwhelming evidence—data taps, telephone voice taps, data seized during the raids, nearly a dozen statements by witnesses from the organisations they had hacked, the 300-page Telecom report—they figured they would be better off pleading. The legal brief ran to more than 7000 pages. At least they would get some kudos with the judge for cooperating in the police interviews and pleading early in the process, thus saving the court time and money.
Mendax, however, wanted to fight the charges. He knew about Pad and Gandalf's case and the message from that seemed to be pretty clear: Plead and you go to prison, fight and you might get off free.
The DPP shuffled the charges around so much between mid-1994 and 1995 that all the original charges against Trax, issued on 20 July 1994, were dropped in favour of six new charges filed on Valentine's Day, 1995. At that time, new charges—largely for hacking a Telecom computer—were also laid against Mendax and Prime Suspect.
By May 1995, the three hackers faced 63 charges in all: 31 for Mendax, 26 for Prime Suspect and six for Trax. In addition, NorTel claimed the damages attributed to the hacker incident totalled about $160000—and the company was seeking compensation from the responsible parties. The Australian National University claimed another $4200 in damages.
Most of the charges related to obtaining illegal access to commercial or other information, and inserting and deleting data in numerous computers. The deleting of data was not malicious—it generally related to cleaning up evidence of the hackers' activities. However, all three hackers were also charged with some form of `incitement'. By writing articles for the IS magazine, the prosecution claimed the hackers had been involved in disseminating information which would encourage others to hack and phreak.
On 4 May 1995 Mendax sat in the office of his solicitor, Paul Galbally, discussing the committal hearing scheduled for the next day.
Galbally was a young, well-respected member of Melbourne's most prestigious law family. His family tree read like a Who's Who of the law. Frank Galbally, his father, was one of Australia's most famous criminal barristers. His uncle, Jack Galbally, was a well-known lawyer, a minister in the State Labor government of John Cain Sr and, later, the Leader of the Opposition in the Victorian parliament. His maternal grandfather, Sir Norman O'Bryan, was a Supreme Court judge, as was his maternal uncle of the same name. The Galballys weren't so much a family of lawyers as a legal dynasty.
Rather than rest on his family's laurels, Paul Galbally worked out of a cramped, 1970s time-warped, windowless office in a William Street basement, where he was surrounded by defence briefs—the only briefs he accepted. He liked the idea of keeping people out of prison better than the idea of putting them in it. Working closely with a defendant, he inevitably found redeeming qualities which the prosecution would never see. Traces of humanity, no matter how small, made his choice seem worthwhile.
His choices in life reflected the Galbally image as champions of the underdog, and the family shared a background with the working class. Catholic. Irish. Collingwood football enthusiasts. And, of course, a very large family. Paul was one of eight children, and his father had also come from a large family.
The 34-year-old criminal law specialist didn't know anything about computer crime when Mendax first appeared in his office, but the hacker's case seemed both interesting and worthy. The unemployed, long-haired youth had explained he could only offer whatever fees the Victorian Legal Aid Commission was willing to pay—a sentence Galbally heard often in his practice. He agreed.
Galbally & O'Bryan had a very good reputation as a criminal law firm. Criminals, however, tended not to have a great deal of money. The large commercial firms might dabble in some criminal work, but they cushioned any resulting financial inconvenience with other, more profitable legal work. Pushing paper for Western Mining Corporation paid for glass-enclosed corner offices on the fiftieth floor. Defending armed robbers and drug addicts didn't.
The 4 May meeting between Galbally and Mendax was only scheduled to take an hour or so. Although Mendax was contesting the committal hearing along with Prime Suspect on the following day, it was Prime Suspect's barrister, Boris Kayser, who was going to be running the show. Prime Suspect told Mendax he had managed to get full Legal Aid for the committal, something Galbally and Mendax had not been able to procure. Thus Mendax would not have his own barrister at the proceedings.
Mendax didn't mind. Both hackers knew they would be committed to trial. Their immediate objective was to discredit the prosecution's damage claims—particularly NorTel's.
As Mendax and Galbally talked, the mood in the office was upbeat. Mendax was feeling optimistic. Then the phone rang. It was Geoff Chettle, the barrister representing the DPP. While Chettle talked, Mendax watched a dark cloud pass across his solicitor's face. When he finally put the phone down, Galbally looked at Mendax with his serious, crisis management expression.
`What's wrong? What's the matter?' Mendax asked.
Galbally sighed before he spoke.
`Prime Suspect has turned Crown witness against you.'
There was a mistake. Mendax was sure of it. The whole thing was just one big mistake. Maybe Chettle and the DPP had misunderstood something Prime Suspect had said to them. Maybe Prime Suspect's lawyers had messed up. Whatever. There was definitely a mistake.
At Galbally's office, Mendax had refused to believe Prime Suspect had really turned. Not until he saw a signed statement. That night he told a friend, `Well, we'll see. Maybe Chettle is just playing it up.'
Chettle, however, was not just playing it up.
There it was—a witness statement—in front of him. Signed by Prime Suspect.
Mendax stood outside the courtroom at Melbourne Magistrates Court trying to reconcile two realities. In the first, there was one of Mendax's four or five closest friends. A friend with whom he had shared his deepest hacking secrets. A friend he had been hanging out with only last week.
In the other reality, a six-page statement signed by Prime Suspect and Ken Day at AFP Headquarters at 1.20 p.m. the day before. To compound matters, Mendax began wondering if Prime Suspect may have been speaking to the AFP for as long as six months.
The two realities were spinning through his head, dancing around each other.
When Galbally arrived at the court, Mendax took him to one side to go over the statement. From a damage-control perspective, it wasn't a complete disaster. Prime Suspect certainly hadn't gone in hard. He could have raised a number of matters, but didn't. Mendax had already admitted to most of the acts which formed the basis of his 31 charges in his police interview. And he had already told the police a good deal about his adventures in Telecom's telephone exchanges.
However, Prime Suspect had elaborated on the Telecom break-ins in his statement. Telecom was owned by the government, meaning the court would view phreaking from their exchanges not as defrauding a company but as defrauding the Commonwealth. Had the DPP decided to lay those new charges—the Telecom charges—in February 1995 because Prime Suspect had given the AFP a draft Crown witness statement back then? Mendax began to suspect so. Nothing seemed beyond doubt any more.
The immediate crisis was the committal hearing in the Melbourne Magistrates Court. There was no way Boris Kayser was now going to decimate their star witness, a NorTel information systems manager. Galbally would have to run a cross-examination himself—no easy task at short notice, given the highly complex technical aspects of the case.
Inside the courtroom, as Mendax got settled, he saw Prime Suspect. He gave his former friend a hard, unblinking, intense stare. Prime Suspect responded with a blank wall, then he looked away. In fact, even if Mendax had wanted to say something, he couldn't. As a Crown witness, Prime Suspect was off-limits until the case was over.
The lawyers began to file into the courtroom. The DPP representative, Andrea Pavleka, breezed in, momentarily lifting the tension in the windowless courtroom.
She had that effect on people. Tall, slender and long-legged, with a bob of sandy blonde curls, booky spectacles resting on a cute button nose and an infectious laugh, Pavleka didn't so much walk into a courtroom as waft into it. She radiated happiness from her sunny face. It's a great shame, Mendax thought, that she is on the other side.
The court was called into session. Prime Suspect stood in the dock and pleaded guilty to 26 counts of computer crimes.
In the course of the proceedings his barrister, Boris Kayser, told the court that his client had cooperated with the police, including telling the AFP that the hackers had penetrated Telecom's exchanges. He also said that Telecom didn't believe—or didn't want to believe—that their exchanges had been compromised. When Kayser professed loudly what a model citizen his client had been, Ken Day, sitting in the public benches, quietly rolled his eyes.
The magistrate, John Tobin, extended Prime Suspect's bail. The hacker would be sentenced at a later date.
That matter dealt with, the focus of the courtroom shifted to Mendax's case. Geoff Chettle, for the prosecution, stood up, put the NorTel manager, who had flown in from Sydney, on the stand and asked him some warm-up questions.
Chettle could put people at ease—or rattle them—at will. Topped by a minute stubble of hair, his weathered 40-something face provided a good match to his deep, gravelly voice. With quick eyes and a hard, no-nonsense manner, he lacked the pretentiousness of many barristers. Perhaps because he didn't seem to give a fig about nineteenth century protocols, he always managed to look out of place in a barrister's wig and robe. Every time he stood up, the black cape slid off his lean shoulders. The barrister's wig went crooked. He continually adjusted it—tugging the wig back into the correct spot like some wayward child. In court, Chettle looked as if he wanted to tear off the crusty trappings of his profession and roll up his sleeves before sinking into a hearty debate. And he looked as if he would rather do it at a pub or the footy.
The NorTel manager took the stand. Chettle asked him some questions designed to show the court the witness was credible, in support of the company's $160000 hacker-clean-up claim. His task accomplished, Chettle sat down.
A little nervous, Paul Galbally stood up to his full height—more than six feet—and straightened his jacket. Dressed in a moss green suit so dark it was almost black, with thin lapels and a thin, 1960s style tie, he looked about as understated hip as a lawyer could—and still show his face in court.
Halting at first, Galbally appeared unsure of himself. Perhaps he had lost his nerve because of the technical issues. WTMP files. UTMP files. PACCT audits. Network architecture. IP addresses. He had been expected to become an expert in the basics literally overnight. A worried Mendax began passing him notes—questions to ask, explanations, definitions. Slowly, Galbally started working up a rhythm to the cross-examination.
During the questioning someone from the back of the court sidled up to Mendax, in the front row of seats, and handed a note over his shoulder. Mendax unfolded the note, read it and then turned around to smile at the messenger. It was Electron.
By the time Galbally had finished, he had pulled apart much of the NorTel manager's evidence. As he built up a head of steam quizzing the witness, he forced the NorTel manager to admit he didn't know all that much about the alleged hacking incidents. In fact, he wasn't even employed by the company when they occurred. He had largely thrown together an affidavit based on second-hand information—and it was this affidavit which supposedly proved the hackers had cost the company $160000. Worse, it seemed to an observer at court that the NorTel manager had little Unix security technical expertise and probably would not have been able to conduct a detailed technical analysis of the incident even if he had been with the company in 1991. By the end of the defence's cross-examination, it appeared that Galbally knew more about Unix than the NorTel manager.
When Geoff Chettle stood up to re-examine the witness, the situation was hopeless. The manager soon stood down. In Mendax's view, the credibility of the NorTel Manager's statement was shot.
The court was then adjourned until 12 May.
After court, Mendax heard Geoff Chettle talking about the NorTel witness. `That guy is OFF the team,' he said emphatically.
It was a mixed victory for Mendax. His solicitor had knocked off one NorTel witness, but there were more where he came from. At a full trial, the prosecution would likely fly in some real NorTel fire-power, from Canada, where the 676-page security incident report had been prepared by Clark Ferguson and other members of the NorTel security team. Those witnesses would understand how a Unix system operated, and would have first-hand knowledge of the hackers' intrusions. It could make things much more difficult.
When Mendax returned to court a week later, he was committed to stand trial in the County Court of Victoria, as expected.
Later, Mendax asked Galbally about his options. Take the case to full trial, or plead guilty like the other two IS hackers. He wanted to know where the DPP stood on his case. Would they go in hard if he pleaded guilty? Had the NorTel manager disaster at the committal hearing forced them to back down a little?
Paul sighed and shook his head. The DPP were standing firm. They wanted to see Mendax go to prison.
Andrea Pavleka, the DPP's sunny-faced girl who radiated happiness, was baying for blood.
One month later, on 21 July 1995, Prime Suspect arrived at the County Court for sentencing.
Rising early that morning to make sure his court suit was in order, Prime Suspect had been tense. His mother cooked him a big breakfast. Toast, bacon and eggs the way he liked it. In fact, his favourite breakfast was an Egg McMuffin from McDonald's, but he never told his mother that.
The courtroom was already crowded. Reporters from newspapers, the wire services, a few TV channels. There were also other people, perhaps waiting for another case.
Dressed in a dark pin-stripe suit, Ken Day stood tapping on a laptop on the prosecution's side of the courtroom. Geoff Chettle sat near him. Prime Suspect's barrister, Boris Kayser, sifted through some papers on the other side.
Mendax lingered at the back of the room, watching his former friend. He wanted to hear Prime Suspect's sentence because, under the rules of parity sentencing, Mendax's own sentence would have to be similar to that of his fellow hackers. However, Prime Suspect might get some dispensation for having helped the prosecution.
A handful of Prime Suspect's friends—none of them from the computer underground—trickled in. The hacker's mother chatted nervously with them.
Court was called into session and everyone settled into their seats. The first case, it turned out, was not Prime Suspect's. A tall, silver-haired man in his mid-fifties, with eyes so blue they were almost demonic, stepped into the dock. As the reporters began taking notes, Prime Suspect tried to imagine what crime the polished, well-dressed man had committed.
Child molesting.
The man had not just molested children, he had molested his own son. In the parents' bedroom. Repeatedly. On Easter Sunday. His son was less than ten years old at the time. The whole family had collapsed. Psychologically scarred, his son had been too traumatised even to give a victim impact statement.
For all of this, Judge Russell Lewis told the court, the man had shown no remorse. Grave-faced, the judge sentenced him to a minimum prison term of five years and nine months.
The court clerk then called Prime Suspect's case.
At the back of the courtroom, Mendax wondered at the strange situation. How could the criminal justice system put a child molester in the same category as a hacker? Yet, here they both were being sentenced side by side in the same County Court room.
Boris Kayser had called a collection of witnesses, all of whom attested to Prime Suspect's difficult life. One of these, the well-regarded psychologist Tim Watson-Munro, described Prime Suspect's treatments at the Austin Hospital and raised the issue of reduced free-will. He had written a report for the court.
Judge Lewis was quick to respond to the suggestion that hacking was an addiction. At one point, he wondered aloud to the courtroom whether some of Prime Suspect's hacking activities were `like a shot of heroin'.
Before long, Kayser had launched into his usual style of courtroom address. First, he criticised the AFP for waiting so long to charge his client.
`This fellow should have been dealt with six to twelve months after being apprehended. It is a bit like the US, where a man can commit a murder at twenty, have his appeal be knocked back by the Supreme Court at 30 and be executed at 40—all for something he did when he was only twenty years old.'
Thoroughly warmed up, Kayser observed that 20 per cent of Prime Suspect's life had gone by since being raided. Then he began hitting his high notes.
`This young man received no assistance in the maturation process. He didn't grow up, he drifted up.
`His world was so horrible that he withdrew into a fantasy world. He knew no other way to interact with human beings. Hacking was like a physical addiction to him.
`If he hadn't withdrawn into the cybernetic highway, what would he have done instead? Set fires? Robbed houses? Look at the name he gave himself. Prime Suspect. It has implied power—a threat. This kid didn't have any power in his life other than when he sat down at a computer.'
Not only did Kayser want the judge to dismiss the idea of prison or community service, he was asking him to order no recorded conviction.
The prosecution lawyers looked at Kayser as if he was telling a good joke. The AFP had spent months tracking these hackers and almost three years preparing the case against them. And now this barrister was seriously suggesting that one of the key players should get off virtually scot-free, with not so much as a conviction recorded against him? It was too much.
The judge retired to consider the sentence. When he returned, he was brief and to the point. No prison. No community service. The recording of 26 convictions. A $500 three-year good behaviour bond. Forfeiture of the now ancient Apple computer seized by police in the raid. And a reparation payment to the Australian National University of $2100.
Relief passed over Prime Suspect's face, pink and sweaty from the tension. His friends and family smiled at each other.
Chettle then asked the judge to rule on what he called `the cooperation point'. He wanted the judge to say that Prime Suspect's sentence was less than it would have been because the hacker had turned Crown witness. The DPP was shoring up its position with regard to its remaining target—Mendax.
Judge Lewis told the court that the cooperation in this case made no difference. At the back of the court, Mendax felt suddenly sad. It was good news for him, but somehow it felt like a hollow victory.
Prime Suspect has destroyed our friendship, he thought, and all for nothing.
Two months after Prime Suspect's sentencing, Trax appeared in another County Court room to receive his sentence after pleading guilty to six counts of hacking and phreaking. Despite taking medication to keep his anxiety under control while in the city, he was still very nervous in the dock.
Since he faced the least number of charges of any of the IS hackers, Trax believed he had a shot at no recorded conviction. Whether or not his lawyer could successfully argue the case was another matter. Bumbling through papers he could never seem to organise, Trax's lawyer rambled to the court, repeated the same points over and over again, jumping all over the place in his arguments. His voice was a half-whispered rasp—a fact which so annoyed the judge that he sternly instructed the lawyer to speak up.
Talking informally before court, Geoff Chettle had told Mendax that in his view there was no way Judge Mervyn Kimm would let Trax off with no recorded conviction. Judge Kimm was considered to be one tough nut to crack. If you were a bookmaker running bets on his court at a sentencing hearing, the good money would be on the prosecution's side.
But on 20 September 1995, the judge showed he couldn't be predicted quite so easily. Taking everything into account, including Prime Suspect's sentence and Trax's history of mental illness, he ordered no conviction be recorded against Trax. He also ordered a $500 three-year good behaviour bond.
In passing sentence, Judge Kimm said something startlingly insightful for a judge with little intimate knowledge of the hacker psyche. While sternly stating that he did not intend to make light of the gravity of the offences, he told the court that `the factors of specific deterrence and general deterrence have little importance in the determination of the sentence to be imposed'. It was perhaps the first time an Australian judge had recognised that deterrence had little relevance at the point of collision between hacking and mental illness.
Trax's sentence was also a good outcome for Mendax, who on 29 August 1995 pleaded guilty to eight counts of computer crime, and not guilty to all the other charges. Almost a year later, on 9 May 1996, he pleaded guilty to an additional eleven charges, and not guilty to six. The prosecution dropped all the other charges.
Mendax wanted to fight those six outstanding charges, which involved ANU, RMIT, NorTel and Telecom, because he felt that the law was on his side in these instances. In fact, the law was fundamentally unclear when it came to those charges. So much so that the DPP and the defence agreed to take issues relating to those charges in a case stated to the Supreme Court of Victoria.
In a case stated, both sides ask the Supreme Court to make a ruling not on the court case itself, but on a point of law. The defence and the prosecution hammer out an agreed statement about the facts of the case and, in essence, ask the Supreme Court judges to use that statement as a sort of case study. The resulting ruling is meant to clarify the finer points of the law not only for the specific case, but for similar cases which appear in future.
Presenting a case stated to the Supreme Court is somewhat uncommon. It is unusual to find a court case where both sides can agree on enough of the facts, but Mendax's hacking charges presented the perfect case and the questions which would be put to the Victorian Supreme Court in late 1996 were crucial for all future hacking cases in Australia. What did it mean `to obtain access' to a computer? Did someone obtain access if he or she got in without using a password? What if he or she used the username `guest' and the password `guest'?
Perhaps the most crucial question of all was this: does a person `obtain access' to data stored in a computer if he or she has the ability to view the data, but does not in fact view or even attempt to view that data?
A good example of this applied to the aggravated versions of the offence of hacking: viewing commercial information. If, for example, Mendax logged into a NorTel computer, which contained commercially sensitive information, but he didn't actually read any of those files, would he be guilty of `obtaining access' or `obtaining access to commercial information'?
The chief judge of the County Court agreed to the case stated and sent it up to the full bench of the Supreme Court. The lawyers from both sides were pleased with the bench—Justices Frank Vincent, Kenneth Hayne and John Coldrey.
On 30 September 1996, Mendax arrived at the Supreme Court and found all the lawyers assembled at the court—all except for his barrister. Paul Galbally kept checking his watch as the prosecution lawyers began unpacking their mountains of paper—the fruit of months of preparation. Galbally paced the plush carpet of the Supreme Court anteroom. Still no barrister.
Mendax's barrister had worked tirelessly, preparing for the case stated as if it was a million dollar case. Combing through legal precedents from not only Australia, the UK and the US, but from all the world's Western-style democracies, he had attained a great understanding of the law in the area of computer crime. He had finally arrived at that nexus of understanding between law, philosophy and linguistics which many lesser lawyers spent their entire careers trying to reach.
But where was he? Galbally pulled out his mobile and checked in with his office for what seemed like the fifth time in as many minutes. The news he received was bad. He was told, through second-hand sources, that the barrister had collapsed in a state of nervous exhaustion. He wouldn't be making it to court.
Galbally could feel his hairs turning grey.
When court opened, Galbally had to stand up and explain to three of the most senior judges in Australia why the defence would like a two-day adjournment. A consummate professional, Geoff Chettle supported the submission. Still, it was a difficult request. Time in the Supreme Court is a scarce and valuable thing. Fortunately, the adjournment was granted.
This gave Galbally exactly two days in which to find a barrister who was good, available and smart enough to assimilate a massive amount of technical information in a short time. He found Andrew Tinney.
Tinney worked around the clock and by Wednesday, 2 October, he was ready. Once again, all the lawyers, and the hacker, gathered at the court.
This time, however, it was the judges who threw a spanner into the works. They asked both sides to spend the first hour or so explaining exactly why the Supreme Court should hear the case stated at all. The lawyers looked at each other in surprise. What was this all about?
After hearing some brief arguments from both sides, the judges retired to consider their position. When they returned, Justice Hayne read a detailed judgment saying, in essence, that the judges refused to hear the case.
As the judge spoke, it became clear that the Supreme Court judges weren't just refusing to hear this case stated; they were virtually refusing to hear any case stated in future. Not for computer crimes. Not for murder. Not for fraud. Not for anything. They were sending a message to the County Court judges: don't send us a case stated except in exceptional circumstances.
Geoff Chettle slumped in his chair, his hands shielding his face. Paul Galbally looked stunned. Andrew Tinney looked as if he wanted to leap from his chair shouting, `I just killed myself for the past two days on this case! You have to hear it!' Even Lesley Taylor, the quiet, unflappable and inscrutable DPP solicitor who had replaced Andrea Pavleka on the case, looked amazed.
The ruling had enormous implications. Judges from the lower courts would be loath to ever send cases to the Supreme Court for clarification on points of law again. Mendax had made legal history, but not in the way he had hoped.
Mendax's case passed back down to the County Court.
He had considered taking his case to trial, but with recently announced budget cuts to Legal Aid, he knew there was little hope of receiving funding to fight the charges. The cuts were forcing the poor to plead guilty, leaving justice available only for the wealthy. Worse, he felt the weight of pleading guilty, not only as a sense of injustice in his own case, but for future hacking cases which would follow. Without clarity on the meaning of the law—which the judges had refused to provide—or a message from a jury in a landmark case, such as Wandii's trial, Mendax believed that hackers could expect little justice from either the police or the courts in the future.
On 5 December 1996, Mendax pleaded guilty to the remaining six charges and was sentenced on all counts.
Court Two was quiet that day. Geoff Chettle, for the prosecution, wasn't there. Instead, the quietly self-possessed Lesley Taylor handled the matter. Paul Galbally appeared for Mendax himself. Ken Day sat, expressionless, in the front row of the public benches. He looked a little weary. A few rows back, Mendax's mother seemed nervous. Electron slipped silently into the back of the room and gave Mendax a discreet smile.
His hair pulled back into a loose ponytail, Mendax blinked and rolled his eyes several times as if brought from a dark space into the bright, white-walled courtroom.
Judge Ross, a ruddy-faced and jowly man of late middle age with bushy, grey eyebrows, seated himself in his chair. At first, he was reluctant to take on the case for sentencing. He thought it should be returned to one of the original judges—Judge Kimm or Judge Lewis. When he walked into court that morning, he had not read the other judges' sentences.
Lesley Taylor summarised the punishments handed down to the other two hackers. The judge did not look altogether pleased. Finally, he announced he would deal with the case. `Two judges have had a crack at it, why not a third one? He might do it properly.'
Galbally was concerned. As the morning progressed, he became increasingly distressed; things were not going well. Judge Ross made clear that he personally favoured a custodial sentence, albeit a suspended one. The only thing protecting Mendax seemed to be the principle of parity in sentencing. Prime Suspect and Trax had committed similar crimes to Mendax, and therefore he had to be given a similar sentence.
Ross `registered some surprise' at Judge Lewis's disposition toward the sentencing of Prime Suspect. In the context of parity, he told Lesley Taylor, he was at times `quite soured by some penalties' imposed by other judges. He quizzed her for reasons why he might be able to step outside parity.
He told the court that he had not read the telephone intercepts in the legal brief. In fact, he had `only read the summary of facts' and when Taylor mentioned `International Subversive', he asked her, `What was that?'
Then he asked her how to spell the word `phreak'.
Later that day, after Judge Ross had read the other judges' sentences, he gave Mendax a sentence similar to Prime Suspect's—a recorded conviction on all counts, a reparation payment of $2100 to ANU and a three-year good behaviour bond.
There were two variations. Prime Suspect and Trax both received $500 good behaviour bonds; Judge Ross ordered a $5000 bond for Mendax. Further, Judge Lewis had given Prime Suspect almost twelve months to pay his $2100 reparation. Judge Ross ordered Mendax to pay within three months.
Judge Ross told Mendax, `I repeat what I said before. I thought initially that these were offences which justified a jail sentence, but the mitigatory circumstances would have converted that to a suspended sentence. The sentence given to your co-offender caused me to alter that view, however.' He was concerned, he said, `that highly intelligent individuals ought not to behave like this and I suspect it is only highly intelligent individuals who can do what you did'.
The word `addiction' did not appear anywhere in the sentencing transcript.
They had a gun at my head and a knife at my back; Don't wind me up too tight.
— from `Powderworks' (also called The Blue Album).
Anthrax didn't like working as part of a team. He always considered other people to be the weakest link in the chain.
Although people were never to be trusted completely, he socialised with many hackers and phreakers and worked with a few of them now and again on particular projects. But he never formed intimate partnerships with any of them. Even if a fellow hacker dobbed him in to the police, the informant couldn't know the full extent of his activities. The nature of his relationships was also determined, in part, by his isolation. Anthrax lived in a town in rural Victoria.
Despite the fact that he never joined a hacking partnership like The Realm, Anthrax liked people, liked to talk to them for hours at a time on the telephone. Sometimes he received up to ten international calls a day from his phreaker friends overseas. He would be over at a friend's house, and the friend's mother would knock on the door of the bedroom where the boys were hanging out, listening to new music, talking.
The mother would poke her head in the door, raise an eyebrow and point at Anthrax. `Phone call for you. Someone from Denmark.' Or sometimes it was Sweden. Finland. The US. Wherever. Though they didn't say anything, his friends' parents thought it all a bit strange. Not many kids in country towns got international calls trailing them around from house to house. But then not many kids were master phreakers.
Anthrax loved the phone system and he understood its power. Many phreakers thought it was enough to be able to call their friends around the globe for free. Or make hacking attack phone calls without being traced. However, real power for Anthrax lay in controlling voice communications systems—things that moved conversations around the world. He cruised through people's voice mailbox messages to piece together a picture of what they were doing. He wanted to be able to listen into telephone conversations. And he wanted to be able to reprogram the telephone system, even take it down. That was real power, the kind that lots of people would notice.
The desire for power grew throughout Anthrax's teenage years. He ached to know everything, to see everything, to play with exotic systems in foreign countries. He needed to know the purpose of every system, what made them tick, how they fitted together. Understanding how things worked would give him control.
His obsession with telephony and hacking began early in life. When he was about eleven, his father had taken him to see the film War Games. All Anthrax could think of as he left the theatre was how much he wanted to learn how to hack. He had already developed a fascination for computers, having received the simplest of machines, a Sinclair ZX81 with 1 k of memory, as a birthday present from his parents. Rummaging through outdoor markets, he found a few second-hand books on hacking. He read Out of the Inner Circle by Bill Landreth, and Hackers by Steven Levy.
By the time he was fourteen, Anthrax had joined a Melbourne-based group of boys called The Force. The members swapped Commodore 64 and Amiga games. They also wrote their own demos—short computer programs—and delighted in cracking the copy protections on the games and then trading them with other crackers around the world. It was like an international penpal group. Anthrax liked the challenge provided by cracking the protections, but few teenagers in his town shared an interest in his unusual hobby. Joining The Force introduced him to a whole new world of people who thought as he did.
When Anthrax first read about phreaking he wrote to one of his American cracking contacts asking for advice on how to start. His friend sent him a list of AT&T calling card numbers and a toll-free direct-dial number which connected Australians with American operators. The card numbers were all expired or cancelled, but Anthrax didn't care. What captured his imagination was the fact that he could call an operator all the way across the Pacific for free. Anthrax began trying to find more special numbers.
He would hang out at a pay phone near his house. It was a seedy neighbourhood, home to the most downtrodden of all the town's residents, but Anthrax would stand at the pay phone for hours most evenings, oblivious to the clatter around him, hand-scanning for toll-free numbers. He dialled 0014—the prefix for the international toll-free numbers—followed by a random set of numbers. Then, as he got more serious, he approached the task more methodically. He selected a range of numbers, such as 300 to 400, for the last three digits. Then he dialled over and over, increasing the number by one each time he dialled. 301. 302. 303. 304. Whenever he hit a functioning phone number, he noted it down. He never had to spend a cent since all the 0014 numbers were free.
Anthrax found some valid numbers, but many of them had modems at the other end. So he decided it was time to buy a modem so he could explore further. Too young to work legally, he lied about his age and landed an after-school job doing data entry at an escort agency. In the meantime, he spent every available moment at the pay phone, scanning and adding new numbers to his growing list of toll-free modem and operator-assisted numbers.
The scanning became an obsession. Often Anthrax stayed at the phone until 10 or 11 p.m. Some nights it was 3 a.m. The pay phone had a rotary dial, making the task laborious, and sometimes he would come home with blisters on the tips of his fingers.
A month or so after he started working, he had saved enough money for a modem.
Hand scanning was boring, but no more so than school. Anthrax attended his state school regularly, at least until year 10. Much of that was due to his mother's influence. She believed in education and in bettering oneself, and she wanted to give her son the opportunities she had been denied. It was his mother, a psychiatric nurse, who scrimped and saved for months to buy him his first real computer, a $400 Commodore 64. And it was his mother who took out a loan to buy the more powerful Amiga a few years later in 1989. She knew the boy was very bright. He used to read her medical textbooks, and computers were the future.
Anthrax had always done well in school, earning distinctions every year from year 7 to year 10. But not in maths. Maths bored him. Still, he had some aptitude for it. He won an award in year 6 for designing a pendulum device which measured the height of a building using basic trigonometry—a subject he had never studied. However, Anthrax didn't attend school so much after year 10. The teachers kept telling him things he already knew, or things he could learn much faster from reading a book. If he liked a topic, he wandered off to the library to read about it.
Things at home became increasingly complicated around that time. His family had struggled from the moment they arrived in Australia from England, when Anthrax was about twelve. They struggled financially, they struggled against the roughness of a country town, and, as Indians, Anthrax, his younger brother and their mother struggled against racism.
The town was a violent place, filled with racial hatred and ethnic tension. The ethnics had carved out corners for themselves, but incursions into enemy territory were common and almost always resulted in violence. It was the kind of town where people ended up in fist fights over a soccer game. Not an easy place for a half-Indian, half-British boy with a violent father.
Anthrax's father, a white Englishman, came from a farming family. One of five sons, he attended an agricultural college where he met and married the sister of an Indian student on a scholarship. Their marriage caused quite a stir, even making the local paper under the headline `Farmer Marries Indian Woman'. It was not a happy marriage and Anthrax often wondered why his father had married an Indian. Perhaps it was a way of rebelling against his dominating father. Perhaps he had once been in love. Or perhaps he simply wanted someone he could dominate and control. Whatever the reason, the decision was an unpopular one with Anthrax's grandfather and the mixed-race family was often excluded from larger family gatherings.
When Anthrax's family moved to Australia, they had almost no money. Eventually, the father got a job as an officer at Melbourne's Pentridge prison, where he stayed during the week. He only received a modest income, but he seemed to like his job. The mother began working as a nurse. Despite their new-found financial stability, the family was not close. The father appeared to have little respect for his wife and sons, and Anthrax had little respect for his father.
As Anthrax entered his teenage years, his father became increasingly abusive. On weekends, when he was home from work, he used to hit Anthrax, sometimes throwing him on the floor and kicking him. Anthrax tried to avoid the physical abuse but the scrawny teenager was little match for the beefy prison officer. Anthrax and his brother were quiet boys. It seemed to be the path of least resistance with a rough father in a rough town. Besides, it was hard to talk back in the painful stutter both boys shared through their early teens.
One day, when Anthrax was fifteen, he came home to find a commotion at his house. On entering the house, Anthrax went to his parents' bedroom. He found his mother there, and she was very upset and emotionally distressed. He couldn't see his father anywhere, but found him relaxing on the sofa in the lounge room, watching TV.
Disgust consumed Anthrax and he retreated into the kitchen. When his father came in not long after to prepare some food Anthrax watched his back with revulsion. Then he noticed a carving knife resting on the counter. As Anthrax reached for the knife, an ambulance worker appeared in the doorway. Anthrax put the knife down and walked away.
But he wasn't so quiet after that. He started talking back, at home and at school, and that marked the beginning of the really big problems. In primary school and early high school he had been beaten up now and again. Not any more. When a fellow student hauled Anthrax up against the wall of the locker shed and started shaking him and waving his fist, Anthrax lost it. He saw, for a moment, his father's face instead of the student's and began to throw punches in a frenzy that left his victim in a terrible state.
At home, Anthrax's father learned how to bait his son. The bully always savours a morsel of resistance from the victim, which makes going in for the kill a little more fun. Talking back gave the father a good excuse to get violent. Once he nearly broke his son's neck. Another time it was his arm. He grabbed Anthrax and twisted his arm behind his back. There was an eerie sound of cracking cartilage, and then pain. Anthrax screamed for his father to stop. His father twisted Anthrax's arm harder, then pressed on his neck. His mother shrieked at her husband to let go of her son. He wouldn't.
`Look at you crying,' his father sneered. `You disgusting animal.'
`You're the disgusting animal,' Anthrax shouted, talking back again.
His father threw Anthrax on the floor and began kicking him in the head, in the ribs, all over.
Anthrax ran away. He went south to Melbourne for a week, sleeping anywhere he could, in the empty night-time spaces left over by day workers gone to orderly homes. He even crashed in hospital emergency rooms. If a nurse asked why he was there, he would answer politely, `I received a phone call to meet someone here'. She would nod her head and move on to someone else.
Eventually, when Anthrax returned home, he took up martial arts to become strong. And he waited.
Anthrax was poking around a MILNET gateway when he stumbled on the door to System X.* He had wanted to find this system for months, because he had intercepted email about it which had aroused his curiosity.
Anthrax telnetted into the gateway. A gateway binds two different networks. It allows, for example, two computer networks which talk different languages to communicate. A gateway might allow someone on a system running DECNET to login to a TCP/IP based system, like a Unix. Anthrax was frustrated that he couldn't seem to get past the System X gateway and on to the hosts on the other side.
Using normal address formats for a variety of networks, he tried telling the gateway to make a connection. X.25. TCP/IP. Whatever lay beyond the gateway didn't respond. Anthrax looked around until he found a sample of addresses in a help file. None of them worked, but they offered a clue as to what format an address might take.
Each address had six digits, the first three numbers of which corresponded to telephone area codes in the Washington DC area. So he picked one of the codes and started guessing the last three digits.
Hand scanning was a pain, as ever, but if he was methodical and persistent, something should turn up. 111. 112. 113. 114. 115. On it went. Eventually he connected to something—a Sunos Unix system—which gave him a full IP address in its login message. Now that was handy. With the full IP address, he could connect to System X again through the Internet directly—avoiding the gateway if he chose to. It's always helpful in covering your tracks to have a few different routing options. Importantly, he could approach System X through more than just its front door.
Anthrax spiralled through the usual round of default usernames and passwords. Nothing. This system required a more strategic attack.
He backed out of the login screen, escaped from the gateway and went to another Internet site to have a good look at System X from a healthy distance. He `fingered' the site, pulling up any bit of information System X would release to the rest of the Internet when asked. He probed and prodded, looking for openings. And then he found one. Sendmail.
The version of Sendmail run by System X had a security hole Anthrax could exploit by sending himself a tiny backdoor program. To do this, he used System X's mail-processing service to send a `letter' which contained a tiny computer program. System X would never have allowed the program to run normally, but this program worked like a letter bomb. When System X opened the letter, the program jumped out and started running. It told System X that anyone could connect to port 2001—to an interactive shell—of the computer without using a password.
A port is a door to the outside world. TCP/IP computers use a standard set of ports for certain services. Port 25 for mail. Port 79 for Finger. Port 21 for FTP. Port 23 for Telnet. Port 513 for Rlogin. Port 80 for the World Wide Web. A TCP/IP based computer system has 65535 ports but most of them go unused. Indeed, the average Unix box uses only 35, leaving the remaining 65500 ports sitting idle. Anthrax simply picked one of these sleepy ports, dusted off the cobwebs and plugged in using the backdoor created by his tiny mail-borne program.
Connecting directly to a port created some problems, because the system wouldn't recognise certain keystrokes from the port, such as the return key. For this reason, Anthrax had to create an account for himself which would let him telnet to the site and login like any normal user. To do this, he needed root privileges in order to create an account and, ultimately, a permanent backdoor into the system.
He began hunting for vulnerabilities in System X's security. There was nothing obvious, but he decided to try out a bug he had successfully used elsewhere. He had first learned about it on an international phone conference, where he had traded information with other hackers and phreakers. The security hole involved the system's relatively obscure load-module program. The program added features to the running system but, more importantly, it ran as root, meaning that it had a free run on the system when it was executed. It also meant that any other programs the load-module program called up also ran as root. If Anthrax could get this program to run one of his own programs—a little Trojan—he could get root on System X.
The load-module bug was by no means a sure thing on System X. Most commercial systems—computers run by banks or credit agencies, for example—had cleaned up the load-module bug in their Sunos computers months before. But military systems consistently missed the bug. They were like turtles—hard on the outside, but soft and vulnerable on the inside. Since the bug couldn't be exploited unless a hacker was already inside a system, the military's computer security officials didn't seem to pay much attention to it. Anthrax had visited a large number of military systems prior to System X, and in his experience more than 90 per cent of their Sunos computers had never fixed the bug.
With only normal privileges, Anthrax couldn't force the load-module program to run his backdoor Trojan program. But he could trick it into doing so. The secret was in one simple keyboard character: /.
Unix-based computer systems are a bit like the protocols of the diplomatic corps; the smallest variation can change something's meaning entirely. Hackers, too, understand the implications of subtle changes.
A Unix-based system reads the phrase:
/bin/program
very differently from:
bin program
One simple character—the `/'—makes an enormous difference. A Unix computer reads the `/' as a road sign. The first phrase tells the computer, `Follow the road to the house of the user called "bin" and when you get there, go inside and fetch the file called "program" and run it'. A blank space, however, tells the computer something quite different. In this case, Anthrax knew it told the computer to execute the command which preceded the space. That second phrase told the machine, `Look everywhere for a program called "bin" and run it'.
Anthrax prepared for his attack on the load-module program by installing his own special program, named `bin', into a temporary storage area on System X. If he could get System X to run his program with root privileges, he too would have procured root level access to the system. When everything was in place, Anthrax forced the system to read the character `/' as a blank space. Then he ran the load-module program, and watched. When System X hunted around for a program named `bin', it quickly found Anthrax's Trojan and ran it.
The hacker savoured the moment, but he didn't pause for long. With a few swift keystrokes, he added an entry to the password file, creating a basic account for himself. He exited his connection to port 2001, circled around through another route, using the 0014 gateway, and logged into System X using his newly created account. It felt good walking in through the front door.
Once inside, Anthrax had a quick look around. The system startled him. There were only three human users. Now that was definitely odd. Most systems had hundreds of users. Even a small system might serve 30 or 40 people, and this was not a small system. He concluded that System X wasn't just some machine designed to send and receive email. It was operational. It did something.
Anthrax considered how to clean up his footsteps and secure his position. While he was hardly broadcasting his presence, someone might discover his arrival simply by looking at who was logged in on the list of accounts in the password file. He had given his backdoor root account a bland name, but he could reasonably assume that these three users knew their system pretty well. And with only three users, it was probably the kind of system that had lots of babysitting. After all that effort, Anthrax needed a watchful nanny like a hole in the head. He worked at moving into the shadows.
He removed himself from the WTMP and UTMP files, which listed who had been on-line and who was still logged in. Anthrax wasn't invisible, but an admin would have to look closely at the system's network connections and list of processes to find him. Next stop: the login program.
Anthrax couldn't use his newly created front-door account for an extended period—the risk of discovery was too great. If he accessed the computer repeatedly in this manner, a prying admin might eventually find him and delete his account. An extra account on a system with only three users was a dead give-away. And losing access to System X just as things were getting interesting was not on his agenda.
Anthrax leaned back in his chair and stretched his shoulders. His hacking room was an old cloakroom, though it was barely recognisable as such. It looked more like a closet—a very messy closet. The whole room was ankle-deep in scrap papers, most of them with lists of numbers on the back and front. Occasionally, Anthrax scooped up all the papers and piled them into heavy-duty garbage bags, three of which could just fit inside the room at any one time. Anthrax always knew roughly where he had `filed' a particular set of notes. When he needed it, he tipped the bag onto the floor, searched through the mound and returned to the computer. When the sea of paper reached a critical mass, he jammed everything back into the garbage bag again.
The computer—an Amiga 500 box with a cheap Panasonic TV as the monitor—sat on a small desk next to his mother's sewing machine cabinet. The small bookcase under the desk was stuffed with magazines like Compute and Australian Communications, along with a few Commodore, Amiga and Unix reference manuals. There was just enough space for Anthrax's old stereo and his short-wave radio. When he wasn't listening to his favourite show, a hacking program broadcast from a pirate station in Ecuador, he tuned into Radio Moscow or the BBC's World Service.
Anthrax considered what to do with System X. This system had aroused his curiosity and he intended to visit it frequently.
It was time to work on the login patch. The patch replaced the system's normal login program and had a special feature: a master password. The password was like a diplomatic passport. It would let him do anything, go anywhere. He could login as any user using the master password. Further, when he logged in with the master password, he wouldn't show up on any log files—leaving no trail. But the beauty of the login patch was that, in every other way, it ran as the normal login program. The regular computer users—all three of them—could login as usual with their passwords and would never know Anthrax had been in the system.
He thought about ways of setting up his login patch. Installing a patch on System X wasn't like mending a pair of jeans. He couldn't just slap on a swath from an old bandanna and quick-stitch it in with a thread of any colour. It was more like mending an expensive cashmere coat. The fabric needed to be a perfect match in colour and texture. And because the patch required high-quality invisible mending, the size also needed to be just right.
Every file in a computer system has three dates: the date it was created, the date it was last modified and the date it was last accessed. The problem was that the login patch needed to have the same creation and modification dates as the original login program so that it would not raise suspicions. It wasn't hard to get the dates but it was difficult to paste them onto the patch. The last access date wasn't important as it changed whenever the program was run anyway—whenever a user of the System X logged in.
If Anthrax ripped out the original login program and stitched his patch in its place, the patch would be stamped with a new creation date. He knew there was no way to change a creation date short of changing the clock for the whole system—something which would cause problems elsewhere in System X.
The first thing a good system admin does when he or she suspects a break-in is search for all files created or modified over the previous few days. One whiff of an intruder and a good admin would be all over Anthrax's login patch within about five minutes.
Anthrax wrote the modification and creation dates down on a bit of paper. He would need those in a moment. He also jotted down the size of the login file.
Instead of tearing out the old program and sewing in a completely new one, Anthrax decided to overlay his patch by copying it onto the top of the old program. He uploaded his own login patch, with his master password encased inside it, but he didn't install it yet. His patch was called 'troj'—short for Trojan. He typed:
cat
The cat command told the computer: 'go get the data in the file called "troj" and put it in the file "/bin/login"'. He checked the piece of paper where he had scribbled down the original file's creation and modification dates, comparing them to the new patch. The creation date and size matched the original. The modification date was still wrong, but he was two-thirds of the way home.
Anthrax began to fasten down the final corner of the patch by using a little-known feature of the command:
/usr/5bin/date
Then he changed the modification date of his login patch to the original login file's date.
He stepped back to admire his work from a distance. The newly installed patch matched the original perfectly. Same size. Same creation date. Same modification date. With patch in place, he deleted the root account he had installed while visiting port 2001. Always take your garbage with you when you leave.
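A defender's view of the timestamp matching described above, as an added example that is not from the book: a baseline that stores a content hash still flags a same-size overwrite whose modification time was put back. The file name, contents and the `snapshot`, `verify` and `demo` helpers are constructed for illustration; on Unix the third timestamp reported by `stat` is the inode change time (ctime), which the example treats only as a weak extra signal.

```python
import hashlib
import os
import tempfile
import time


def snapshot(path):
    """Record size, mtime and a SHA-256 digest of the file's contents."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}


def verify(path, baseline):
    """Compare a file with its baseline and return a list of findings."""
    st = os.stat(path)
    now = snapshot(path)
    findings = []
    if now["size"] != baseline["size"]:
        findings.append("size changed")
    if now["mtime_ns"] != baseline["mtime_ns"]:
        findings.append("mtime changed")
    if now["sha256"] != baseline["sha256"]:
        findings.append("content hash changed")
    # Weak signal on Unix: setting mtime by hand bumps ctime to the current
    # time, so ctime ends up later than mtime. Legitimate chmod/chown and
    # package installs do the same, so treat it as a hint, not proof.
    if st.st_ctime_ns > st.st_mtime_ns:
        findings.append("ctime later than mtime")
    return findings


def demo():
    """Constructed scenario in a temp dir: same-size overwrite, mtime restored."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "login")          # stand-in file, not a real binary
        with open(path, "wb") as fh:
            fh.write(b"ORIGINAL-LOGIN-PROGRAM")
        old = time.time() - 86400 * 365            # pretend it was installed a year ago
        os.utime(path, (old, old))
        baseline = snapshot(path)                  # taken while the file is known-good
        with open(path, "wb") as fh:
            fh.write(b"REPLACED-LOGIN-PROGRAM")    # same length as the original
        os.utime(path, ns=(baseline["mtime_ns"], baseline["mtime_ns"]))
        return verify(path, baseline)
```

The baseline is only useful if it is stored somewhere the monitored host cannot rewrite, such as read-only media or a separate machine.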
Now for the fun bit. Snooping around. Anthrax headed off for the email, the best way to work out what a system was used for. There were lots of reports from underlings to the three system users on buying equipment, progress reports on a certain project, updates. What was this project?
Then Anthrax came across a huge directory. He opened it and there, couched inside, were perhaps 100 subdirectories. He opened one of them. It was immense, containing hundreds of files. The smallest subfile had perhaps 60 computer screens' worth of material, all of it unintelligible. Numbers, letters, control codes. Anthrax couldn't make head nor tail of the files. It was as if he was staring at a group of binary files. The whole subdirectory was filled with thousands of pages of mush. He thought they looked like data files for some database.
As he didn't have the program he needed to interpret the mush, Anthrax cast around looking for a more readable directory.
He pried open a file and discovered it was a list. Names and phone numbers of staff at a large telecommunications company. Work phone numbers. Home numbers. Well, at least that gave him a clue as to the nature of the project. Something to do with telecommunications. A project important enough that the military needed the home phone numbers of the senior people involved.
The next file confirmed it. Another list, a very special list. A pot of gold at the end of the rainbow. The find of a career spent hacking.
If the US government had had any inkling what was happening at that moment, heads would have rolled. If it had known that a foreigner, and a follower of what mainstream American media termed an extremist religious group, had this information in his possession, the defence agency would have called in every law enforcement agency it could enlist.
As John McMahon might have said, a lot of yelling and screaming would have occurred.
Anthrax's mother had made a good home for the family, but his father continued to disrupt it with his violence. Fun times with his friends shone like bright spots amidst the decay of Anthrax's family life. Practical jokes were his specialty. Even as a small child, he had delighted in trickery and as he grew up, the jokes became more sophisticated. Phreaking was great. It let him prank people all over the world. And pranking was cool.