The debate flew forward, changing and growing, and expanding beyond Britain's borders. In Hong Kong, the South China Morning Post asked, `Is [this] case evidence of a new social phenomenon, with immature and susceptible minds being damaged through prolonged exposure to personal computers?' The paper described public fear that Wandii's case would result in `the green light for an army of computer-literate hooligans to pillage the world's databases at will, pleading insanity when caught'.11
By April Fool's Day 1991, more than two weeks after the end of the court case, Wandii had his own syndrome named after him, courtesy of The Guardian.
And while Wandii, his mother and his team of lawyers celebrated their victory quietly, the media reported that the Scotland Yard detectives commiserated over their defeat, which was considerably more serious than simply losing the Wandii case. The Computer Crimes Unit was being `reorganised'. Two experienced officers from the five-man unit were being moved out of the group. The official line was that the `rotations' were normal Scotland Yard procedure. The unofficial word was that the Wandii case had been a fiasco, wasting time and money, and the debacle was not to be repeated.
In the north, a dark cloud gathered over Pad and Gandalf as their judgment day approached. The Wandii case verdict might have been cause for celebration among some in the computer underground, but it brought little joy for the other two 8lgm hackers.
For Pad and Gandalf, who had already pleaded guilty, Wandii's acquittal was a disaster.
On 12 May 1993, two months after Wandii's acquittal, Boris Kayser stood up at the Bar table to put forward Electron's case at the Australian hacker's plea and sentencing hearing. As he began to speak, a hush fell over the Victorian County Court.
A tall, burly man with a booming voice, an imperious courtroom demeanour and his traditional black robes flowing behind him in an echo of his often emphatic gesticulations, Kayser was larger than life. A master showman, he knew how to play an audience of courtroom journalists sitting behind him as much as to the judge in front of him.
Electron had already stood in the dock and pleaded guilty to fourteen charges, as agreed with the DPP's office. In typical style, Kayser had interrupted the long process of the court clerk reading out each charge and asking whether Electron would plead guilty or not guilty. With an impatient wave of his hand, Kayser asked the judge to dispense with such formalities since his client would plead guilty to all the agreed charges at once. The interjection was more of an announcement than a question.
The formalities of a plea having been summarily dealt with, the question now at hand was sentencing. Electron wondered if he would be sent to prison. Despite lobbying from Electron's lawyers, the DPP's office had refused to recommend a non-custodial sentence. The best deal Electron's lawyers had been able to arrange in exchange for turning Crown witness was for the DPP to remain silent on the issue of prison. The judge would make up his mind without input from the DPP.
Electron fiddled nervously with his father's wedding ring, which he wore on his right hand. After his father's death, Electron's sister had begun taking things from the family home. Electron didn't care much because there were only two things he really wanted: that ring and some of his father's paintings.
Kayser called a handful of witnesses to support the case for a light sentence. Electron's grandmother from Queensland. The family friend who had driven Electron to the hospital the day his father died. Electron's psychiatrist, the eminent Lester Walton. Walton in particular highlighted the difference between the two possible paths forward: prison, which would certainly traumatise an already mentally unstable young man, or freedom, which offered Electron a good chance of eventually establishing a normal life.
When Kayser began summarising the case for a non-custodial sentence, Electron could hear the pack of journalists off to his side frantically scribbling notes. He wanted to look at them, but he was afraid the judge would see his ponytail, carefully tucked into his neatly ironed white shirt, if he turned sideways,
`Your Honour,' Kayser glanced backward slightly, toward the court reporters, as he warmed up, `my client lived in an artificial world of electronic pulses.'
Scratch, scribble. Electron could almost predict, within half a second, when the journalists' pencils and pens would reach a crescendo of activity. The ebb and flow of Boris's boom was timed in the style of a TV newsreader.
Kayser said his client was addicted to the computer the way an alcoholic was obsessed with the bottle. More scratching, and lots of it. This client, Kayser thundered, had never sought to damage any system, steal money or make a profit. He was not malicious in the least, he was merely playing a game.
`I think,' Electron's barrister concluded passionately, but slowly enough for every journalist to get it down on paper, `that he should have been called Little Jack Horner, who put in his thumb, pulled out a plumb and said, "What a good boy am I!"'
Now came the wait. The judge retired to his chambers to weigh up the pre-sentence report, Electron's family situation, the fact that he had turned Crown witness, his offences—everything. Electron had given a nine-page written statement against Phoenix to the prosecution. If the Phoenix case went to trial, Electron would be put on the stand to back up that statement.
In the month before Electron returned to court to hear his sentence, he thought about how he could have fought the case. Some of the charges were dubious.
In one case, he had been charged with illegally accessing publicinformation through a public account. He had accessed the anonymousFTP server at the University of Helsinki to copy information aboutDES. His first point of access had been through a hacked MelbourneUniversity account.
Beat that charge, Electron's lawyer had told him, and there's plenty more where that came from. The DPP had good pickings and could make up a new charge for another site. Still, Electron reasoned some of the Crown's evidence would not have stood up under cross-examination.
When reporters from Australia and overseas called NASA headquarters for comment on the hacker-induced network shutdown, the agency responded that it had no idea what they were talking about. There had been no NASA network shutdown. A spokesman made inquiries and, he assured the media, NASA was puzzled by the report. Sharon Beskenis's statement didn't seem so watertight after all. She was not, it turned out, even a NASA employee but a contractor from Lockheed.
During that month-long wait, Electron had trouble living down Kayser's nursery-rhyme rendition in the courtroom. When he rang friends, they would open the conversation saying, `Oh, is that Little Jack Horner?'
They had all seen the nightly news, featuring Kayser and his client. Kayser had looked grave leaving court, while Electron, wearing John Lennon-style glasses with dark lenses and with his shoulder-length curls pulled tightly back in a ponytail, had tried to smile at the camera crews. But his small, fine features and smattering of freckles disappeared under the harsh camera lights, so much so that the black, round spectacles seemed almost to float on a blank, white surface.
The week after Electron pleaded guilty in Australia, Pad and Gandalf sat side by side in London's Southwark dock one last time.
For a day and a half, beginning on 20 May 1993, the two hackers listened to their lawyers argue their defence. Yes, our clients hacked computers, they told the judge, but the offences were nowhere near as serious as the prosecution wants to paint them. The lawyers were fighting hard for one thing: to keep Pad and Gandalf out of prison.
Some of the hearing was tough going for the two hackers, but not just because of any sense of foreboding caused by the judge's imminent decision. The problem was that Gandalf made Pad laugh, and it didn't look at all good to laugh in the middle of your sentencing hearing. Sitting next to Gandalf for hours on end, while lawyers from both sides butchered the technical aspects of computer hacking which the 8lgm hackers had spent years learning, did it. Pad had only to give Gandalf a quick sidelong glance and he quickly found himself swallowing and clearing his throat to keep from bursting into laughter. Gandalf's irrepressible irreverence was written all over his face.
The stern-faced Judge Harris could send them to jail, but he still wouldn't understand. Like the gaggle of lawyers bickering at the front of the courtroom, the judge was—and would always be—out of the loop. None of them had any idea what was really going on inside the heads of the two hackers. None of them could ever understand what hacking was all about—the thrill of stalking a quarry or of using your wits to outsmart so-called experts; the pleasure of finally penetrating a much-desired machine and knowing that system is yours; the deep anti-establishment streak which served as a well-centred ballast against the most violent storms washing in from the outside world; and the camaraderie of the international hacking community on Altos.
The lawyers could talk about it, could put experts on the stand and psychological reports in the hands of the judge, but none of them would ever really comprehend because they had never experienced it. The rest of the courtroom was out of the loop, and Pad and Gandalf stared out from the dock as if looking through a two-way mirror from a secret, sealed room.
Pad's big worry had been this third charge—the one which he faced alone. At his plea hearing, he had admitted to causing damage to a system owned by what was, in 1990, called the Polytechnic of Central London. He hadn't damaged the machine by, say, erasing files, but the other side had claimed that the damages totalled about [sterling]250 000.
The hacker was sure there was zero chance the polytechnic had spent anything near that amount. He had a reasonable idea of how long it would take someone to clean up his intrusions. But if the prosecution could convince a judge to accept that figure, the hacker might be looking at a long prison term.
Pad had already braced himself for the possibility of prison. His lawyer warned him before the sentencing date that there was a reasonable likelihood the two 8lgm hackers would be sent down. After the Wandii case, the public pressure to `correct' a `wrong' decision by the Wandii jury was enormous. The police had described Wandii's acquittal as `a licence to hack'—and The Times, had run the statement.12 It was likely the judge, who had presided over Wandii's trial, would want to send a loud and clear message to the hacking community.
Pad thought that perhaps, if he and Gandalf had pleaded not guilty alongside Wandii, they would have been acquitted. But there was no way Pad would have subjected himself to the kind of public humiliation Wandii went through during the `addicted to computers' evidence. The media appeared to want to paint the three hackers as pallid, scrawny, socially inept, geeky geniuses, and to a large degree Wandii's lawyers had worked off this desire. Pad didn't mind being viewed as highly intelligent, but he wasn't a geek. He had a casual girlfriend. He went out dancing with friends or to hear bands in Manchester's thriving alternative music scene. He worked out his upper body with weights at home. Shy—yes. A geek—no.
Could Pad have made a case for being addicted to hacking? Yes, although he never believed that he had been. Completely enthralled, entirely entranced? Maybe. Suffering from a passing obsession? Perhaps. But addicted? No, he didn't think so. Besides, who knew for sure if a defence of addiction could have saved him from the prosecution's claim anyway?
Exactly where the quarter of a million pound claim came from in the first place was a mystery to Pad. The police had just said it to him, as if it was fact, in the police interview. Pad hadn't seen any proof, but that hadn't stopped him from spending a great deal of time feeling very stressed about how the judge would view the matter.
The only answer seemed to be some good, independent technical advice. At the request of both Pad and Gandalf's lawyers, Dr Peter Mills, of Manchester University, and Dr Russell Lloyd, of London Business School, had examined a large amount of technical evidence presented in the prosecution's papers. In an independent report running to more than 23 pages, the experts stated that the hackers had caused less havoc than the prosecution alleged. In addition, Pad's solicitor asked Dr Mills to specifically review, in a separate report, the evidence supporting the prosecution's large damage claim.
Dr Mills stated that one of the police expert witnesses, a British Telecom employee, had said that Digital recommended a full rebuild of the system at the earliest possible opportunity—and at considerable cost. However, the BT expert had not stated that the cost was [sterling]250000 nor even mentioned if the cost quote which had been given had actually been accepted.
In fact, Dr Mills concluded that there was no supporting evidence at all for the quarter of a million pound claim. Not only that, but any test of reason based on the evidence provided by the prosecution showed the claim to be completely ridiculous.
In a separate report, Dr Mills' stated that:
i) The machine concerned was a Vax 6320, this is quite a powerful `mainframe' system and could support several hundreds of users.
ii) That a full dump of files takes 6 tapes, however since the type of tape is not specified this gives no real indication of the size of the filesystem. A tape could vary from 0.2 Gigabytes to 2.5 Gigabytes.
iii) The machine was down for three days.
With this brief information it is difficult to give an accurate cost for restoring the machine, however an over estimate would be:
i) Time spent in restoring the system, 10 man days at [sterling]300 per day; [sterling]3000.
ii) Lost time by users, 30 man days at [sterling]300 per day; [sterling]9000.
The total cost in my opinion is unlikely to be higher than [sterling]12000 and this itself is probably a rather high estimate. I certainly cannot see how a figure of [sterling]250000 could be justified.
It looked to Pad that the prosecution's claim was not for damage at all. It was for properly securing the system—an entirely rebuilt system. It seemed to him that the police were trying to put the cost of securing the polytechnic's entire computer network onto the shoulders of one hacker—and to call it damages. In fact, Pad discovered, the polytechnic had never actually even spent the [sterling]250000.
Pad was hopeful, but he was also angry. All along, the police had been threatening him with this huge damage bill. He had tossed and turned in his bed at night worrying about it. And, in the end, the figure put forward for so long as fact was nothing but an outrageous claim based on not a single shred of solid evidence.
Using Dr Mills's report, Pad's barrister, Mukhtar Hussain, QC, negotiated privately with the prosecution barrister, who finally relented and agreed to reduce the damage estimate to [sterling]15000. It was, in Pad's view, still far too high, but it was much better than [sterling]250000. He was in no mind to look a gift horse in the mouth.
Judge Harris accepted the revised damage estimate.
The prosecution may have lost ground on the damage bill, but it wasn't giving up the fight. These two hackers, James Richardson told the court and journalists during the two-day sentencing hearing, had hacked into some 10000 computer systems around the world. They were inside machines or networks in at least fifteen countries. Russia. India. France. Norway. Germany. The US. Canada. Belgium. Sweden. Italy. Taiwan. Singapore. Iceland. Australia. Officers on the case said the list of the hackers' targets `read like an atlas', Richardson told the court.
Pad listened to the list. It sounded about right. What didn't sound right were the allegations that he or Gandalf had crashed Sweden's telephone network by running an X.25 scanner over its packet network. The crash had forced a Swedish government minister to apologise on television. The police said the minister did not identify the true cause of the problem—the British hackers—in his public apology.
Pad had no idea what they were talking about. He hadn't done anything like that to the Swedish phone system, and as far as he knew, neither had Gandalf.
Something else didn't sound right. Richardson told the court that in total, the two hackers had racked up at least [sterling]25000 in phone bills for unsuspecting legitimate customers, and caused `damage' to systems which was very conservatively estimated at almost [sterling]123000.
Where were these guys getting these numbers from? Pad marvelled at their cheek. He had been through the evidence with a fine-toothed comb, yet he had not seen one single bill showing what a site had actually paid to repair `damage' caused by the hackers. The figures tossed around by the police and the prosecution weren't real bills; they weren't cast in iron.
Finally, on Friday 21 May, after all the evidence had been presented, the judge adjourned the court to consider sentencing. When he returned to the bench fifteen minutes later, Pad knew what was going to happen from the judge's face. To the hacker, the expression said: I am going to give you everything that Wandii should have got.
Judge Harris echoed The Times's sentiments when he told the two defendants, `If your passion had been cars rather than computers, we would have called your conduct delinquent, and I don't shrink from the analogy of describing what you were doing as intellectual joyriding.
`Hacking is not harmless. Computers now form a central role in our lives. Some, providing emergency services, depend on their computers to deliver those services.'13
Hackers needed to be given a clear signal that computer crime `will not and cannot be tolerated', the judge said, adding that he had thought long and hard before handing down sentence. He accepted that neither hacker had intended to cause damage, but it was imperative to protect society's computer systems and he would be failing in his public duty if he didn't sentence the two hackers to a prison term of six months.
Judge Harris told the hackers that he had chosen a custodial sentence, `both to penalise you for what you have done and for the losses caused, and to deter others who might be similarly tempted'.
This was the show trial, not Wandii's case, Pad thought as the court officers led him and Gandalf out of the dock, down to the prisoner's lift behind the courtroom and into a jail cell.
Less than two weeks after Pad and Gandalf were sentenced, Electron was back in the Victorian County Court to discover his own fate.
As he stood in the dock on 3 June 1993 he felt numb, as emotionally removed from the scene as Meursault in Camus' L'etranger. He believed he was handling the stress pretty well until he experienced tunnel vision while watching the judge read his penalty. He perused the room but saw neither Phoenix nor Nom.
When Judge Anthony Smith summarised the charges, he seemed to have a special interest in count number 13—the Zardoz charge. A few minutes into reading the sentence, the judge said, `In my view, a custodial sentence is appropriate for each of the offences constituted by the 12th, 13th and 14th counts'. They were the `knowingly concerned' charges, with Phoenix, involving NASA, LLNL and CSIRO. Electron looked around the courtroom. People turned back to stare at him. Their eyes said, `You are going to prison'.
`I formed the view that a custodial sentence is appropriate in respect of each of these offences because of the seriousness of them,' Judge Smith noted, `and having regard to the need to demonstrate that the community will not tolerate this type of offence.
`Our society today is … increasingly … dependent upon the use of computer technology. Conduct of the kind in which you engaged poses a threat to the usefulness of that technology … It is incumbent upon the courts … to see to it that the sentences they impose reflect the gravity of this kind of criminality.
`On each of Counts 12, 13 and 14, you are convicted and you are sentenced to a term of imprisonment of six months … each … to be concurrent.'
The judge paused, then continued, `And … I direct, by order, that you be released forthwith upon your giving security by recognisance … in the sum of $500 … You will not be required to serve the terms of imprisonment imposed, provided you are of good behaviour for the ensuing six months.' He then ordered Electron to complete 300 hours of community service, and to submit to psychiatric assessment and treatment.
Electron breathed a sigh of relief.
When outlining the mitigating circumstances which led to suspension of the jail sentence, Judge Smith described Electron as being addicted to using his computer `in much the same way as an alcoholic becomes addicted to the bottle'. Boris Kayser had used the analogy in the sentencing hearing, perhaps for the benefit of the media, but the judge had obviously been swayed by his view.
When court adjourned, Electron left the dock and shook hands with his lawyers. After three years, he was almost free of his court problems. There was only one possible reason he might need to return to court.
If Phoenix fought out his case in a full criminal trial, the DPP would put Electron on the stand to testify against him. It would be an ugly scene.
The inmates of HM Prison Kirkham, on the north-west coast of England, near Preston, had heard all about Pad and Gandalf by the time they arrived. They greeted the hackers by name. They'd seen the reports on telly, especially about how Gandalf had hacked NASA—complete with footage of the space shuttle taking off. Some TV reporter's idea of subtle irony—`Two hackers were sent down today' as the space shuttle went up.
Kirkham was far better than Brixton, where the hackers had spent the first days of their sentence while awaiting transfer. Brixton was what Pad always envisioned prison would look like, with floors of barred cells facing onto an open centre and prisoners only allowed out of their cells for scheduled events such as time in the yard. It was a place where hard-core criminals lived. Fortunately, Pad and Gandalf had been placed in the same cell while they waited to be assigned to their final destination.
After ten days inside Brixton Pad and Gandalf were led from their cell, handcuffed and put in a coach heading toward the windy west coast.
During the drive, Pad kept looking down at his hand, locked in shiny steel to Gandalf's hand, then he looked back up again at his fellow hacker. Clearing his throat and turning away from Gandalf's difficult grin—his friend now on the edge of laughing himself—Pad struggled. He tried to hold down the muscles of his face, to pull them back from laughter.
A minimum security prison holding up to 632 prisoners, Kirkham looked vaguely like a World War II RAF base with a large collection of free-standing buildings around the grounds. There were no real walls, just a small wire fence which Pad soon learned prisoners routinely jumped when the place started to get to them.
For a prison, Kirkham was pretty good. There was a duck pond, a bowling green, a sort of mini-cinema which showed films in the early evenings, eight pay phones, a football field, a cricket pavilion and, best of all, lots of fields. Prisoners could have visits on weekday afternoons between 1.10 and 3.40, or on the weekend.
Luck smiled on the two hackers. They were assigned to the same billet and, since none of the other prisoners objected, they became room-mates. Since they were sentenced in May, they would serve their time during summer. If they were `of good behaviour' and didn't get into trouble with other prisoners, they would be out in three months.
Like any prison, Kirkham had its share of prisoners who didn't get along with each other. Mostly, prisoners wanted to know what you were in for and, more particularly, if you had been convicted of a sex crime. They didn't like sex crime offenders and Pad heard about a pack of Kirkham prisoners who dragged one of their own, screaming, to a tree, where they tried to hang him for being a suspected rapist. In fact, the prisoner hadn't been convicted of anything like rape. He had simply refused to pay his poll tax.
Fortunately for Pad and Gandalf, everyone else in Kirkham knew why they were there. At the end of their first week they returned to their room one afternoon to find a sign painted above their door. It said, `NASA HQ'.
The other minimum security prisoners understood hacking—and they had all sorts of ideas about how you could make money from it. Most of the prisoners in Kirkham were in for petty theft, credit card fraud, and other small-time crimes. There was also a phreaker, who arrived the same day as Pad and Gandalf. He landed eight months in prison—two more than the 8lgm hackers—and Pad wondered what kind of message that sent the underground.
Despite their best efforts, the 8lgm twosome didn't fit quite the prison mould. In the evenings, other prisoners spent their free time shooting pool or taking drugs. In the bedroom down the hall, Gandalf lounged on his bed studying a book on VMS internals. Pad read a computer magazine and listened to some indie music—often his `Babes in Toyland' tape. In a parody of prison movies, the two hackers marked off their days inside the prison with cross-hatched lines on their bedroom wall—four marks, then a diagonal line through them. They wrote other things on the walls too.
The long, light-filled days of summer flowed one into the other, as Pad and Gandalf fell into the rhythm of the prison. The morning check-in at 8.30 to make sure none of the prisoners had gone walkabout. The dash across the bowling green for a breakfast of beans, bacon, eggs, toast and sausage. The walk to the greenhouses where the two hackers had been assigned for work detail.
The work wasn't hard. A little digging in the pots. Weeding around the baby lettuce heads, watering the green peppers and transplanting tomato seedlings. When the greenhouses became too warm by late morning, Pad and Gandalf wandered outside for a bit of air. They often talked about girls, cracking crude, boyish jokes about women and occasionally discussing their girlfriends more seriously. As the heat settled in, they sat down, lounging against the side of the greenhouse.
After lunch, followed by more time in the greenhouse, Pad and Gandalf sometimes went off for walks in the fields surrounding the prison. First the football field, then the paddocks dotted with cows beyond it.
Pad was a likeable fellow, largely because of his easygoing style and relaxed sense of humour. But liking him wasn't the same as knowing him, and the humour often deflected deeper probing into his personality. But Gandalf knew him, understood him. Everything was so easy with Gandalf. During the long, sunny walks, the conversation flowed as easily as the light breeze through the grass.
As they wandered in the fields, Pad often wore his denim jacket. Most of the clothes on offer from the prison clothing office were drab blue, but Pad had lucked onto this wonderful, cool denim jacket which he took to wearing all the time.
Walking for hours on end along the perimeters of the prison grounds, Pad saw how easy it would be to escape, but in the end there didn't seem to be much point. They way he saw it, the police would just catch you and put you back in again. Then you'd have to serve extra time.
Once a week, Pad's parents came to visit him, but the few precious hours of visiting time were more for his parents' benefit than his own. He reassured them that he was OK, and when they looked him in the face and saw it was true, they stopped worrying quite so much. They brought him news from home, including the fact that his computer equipment had been returned by one of the police who had been in the original raid.
The officer asked Pad's mother how the hacker was doing in prison. `Very well indeed,' she told him. `Prison's not nearly so bad as he thought.' The officer's face crumpled into a disappointed frown. He seemed to be looking for news that Pad was suffering nothing but misery.
At the end of almost three months, with faces well tanned from walking in the meadows, Pad and Gandalf walked free.
To the casual witness sitting nearby in the courtroom, the tension between Phoenix's mother and father was almost palpable. They were not sitting near each other but that didn't mitigate the silent hostility which rose through the air like steam. Phoenix's divorced parents provided a stark contrast to Nom's adopted parents, an older, suburban couple who were very much married.
On Wednesday, 25 August 1993 Phoenix and Nom pleaded guilty to fifteen and two charges respectively. The combined weight of the prosecution's evidence, the risk and cost of running a full trial and the need to get on with their lives had pushed them over the edge. Electron didn't need to come to court to give evidence.
At the plea hearing, which ran over to the next day, Phoenix's lawyer, Dyson Hore-Lacy, spent considerable time sketching the messy divorce of his client's parents for the benefit of the judge. Suggesting Phoenix retreated into his computer during the bitter separation and divorce was the best chance of getting him off a prison term. Most of all, the defence presented Phoenix as a young man who had strayed off the correct path in life but was now back on track—holding down a job and having a life.
The DPP had gone in hard against Phoenix. They seemed to want a jail term badly and they doggedly presented Phoenix as an arrogant braggart. The court heard a tape-recording of Phoenix ringing up security guru Edward DeHart of the Computer Emergency Response Team at Carnegie Mellon University to brag about a security exploit. Phoenix told DeHart to get onto his computer and then proceeded to walk him step by step through the `passwd -f' security bug. Ironically, it was Electron who had discovered that security hole and taught it to Phoenix—a fact Phoenix didn't seem to want to mention to DeHart.
The head of the AFP's Southern Region Computer Crimes Unit, Detective Sergeant Ken Day was in court that day. There was no way he was going to miss this. The same witness noting the tension between Phoenix's parents might also have perceived an undercurrent of hostility between Day and Phoenix—an undercurrent which did not seem to exist between Day and either of the other Realm hackers.
Day, a short, careful man who gave off an air of bottled intensity, seemed to have an acute dislike for Phoenix. By all observations the feeling was mutual. A cool-headed professional, Day would never say anything in public to express the dislike—that was not his style. His dislike was only indicated by a slight tightness in the muscles of an otherwise unreadable face.
On 6 October 1993, Phoenix and Nom stood side by side in the dock for sentencing. Wearing a stern expression, Judge Smith began by detailing both the hackers' charges and the origin of The Realm. But after the summary, the judge saved his harshest rebuke for Phoenix.
`There is nothing … to admire about your conduct and every reason why it should be roundly condemned. You pointed out [weaknesses] to some of the system administrators … [but] this was more a display of arrogance and a demonstration of what you thought was your superiority rather than an act of altruism on your part.
`You … bragged about what you had done or were going to do … Your conduct revealed … arrogance on your part, open defiance, and an intention to the beat the system. [You] did cause havoc for a time within the various targeted systems.'
Although the judge appeared firm in his views while passing sentence, behind the scenes he had agonised greatly over his decision. He had attempted to balance what he saw as the need for deterrence, the creation of a precedence for sentencing hacking cases in Australia, and the individual aspects of this case. Finally, after sifting through the arguments again and again, he had reached a decision.
`I have no doubt that some sections of our community would regard anything than a custodial sentence as less than appropriate. I share that view. But after much reflection … I have concluded that an immediate term of imprisonment is unnecessary.'
Relief rolled across the faces of the hackers' friends and relatives as the judge ordered Phoenix to complete 500 hours of community service work over two years and assigned him a $1000 twelve-month good behaviour bond. He gave Nom 200 hours, and a $500, six-month bond for good behaviour.
As Phoenix was leaving the courtroom, a tall, skinny young man, loped down the aisle towards him.
`Congratulations,' the stranger said, his long hair dangling in delicate curls around his shoulders.
`Thanks,' Phoenix answered, combing his memory for the boyish face which couldn't be any older than his own. `Do I know you?'
`Sort of,' the stranger answered. `I'm Mendax. I'm about to go through what you did, but worse.'
All around; an eerie sound.
— from `Maralinga', 10, 9, 8, 7, 6, 5, 4, 3, 2, 1.
Prime Suspect rang Mendax, offering an adventure. He had discovered a strange system called NMELH1 (pronounced N-Melly-H-1) and it was time to go exploring. He read off the dial-up numbers, found in a list of modem phone numbers on another hacked system.
Mendax looked at the scrap of paper in his hand, thinking about the name of the computer system.
The `N' stood for Northern Telecom, a Canadian company with annual sales of $8 billion. NorTel, as the company was known, sold thousands of highly sophisticated switches and other telephone exchange equipment to some of the world's largest phone companies. The `Melly' undoubtedly referred to the fact that the system was in Melbourne. As for the `H-1', well, that was anyone's guess, but Mendax figured it probably stood for `host-1'—meaning computer site number one.
Prime Suspect had stirred Mendax's interest. Mendax had spent hours experimenting with commands inside the computers which controlled telephone exchanges. In the end, those forays were all just guesswork—trial and error learning, at considerable risk of discovery. Unlike making a mistake inside a single computer, mis-guessing a command inside a telephone exchange in downtown Sydney or Melbourne could take down a whole prefix—10000 or more phone lines—and cause instant havoc.
This was exactly what the International Subversives didn't want to do. The three IS hackers—Mendax, Prime Suspect and Trax—had seen what happened to the visible members of the computer underground in England and in Australia. The IS hackers had three very good reasons to keep their activities quiet.
Phoenix. Nom. And Electron.
But, Mendax thought, what if you could learn about how to manipulate a million-dollar telephone exchange by reading the manufacturer's technical documentation? How high was the chance that those documents, which weren't available to the public, were stored inside NorTel's computer network?
Better still, what if he could find NorTel's original source code—the software designed to control specific telephone switches, such as the DMS-100 model. That code might be sitting on a computer hooked into the worldwide NorTel network. A hacker with access could insert his own backdoor—a hidden security flaw—before the company sent out software to its customers.
With a good technical understanding of how NorTel's equipment worked, combined with a backdoor installed in every piece of software shipped with a particular product, you could have control over every new NorTel DMS telephone switch installed from Boston to Bahrain. What power! Mendax thought, what if you you could turn off 10000 phones in Rio de Janeiro, or give 5000 New Yorkers free calls one afternoon, or listen into private telephone conversations in Brisbane. The telecommunications world would be your oyster.
Like their predecessors, the three IS hackers had started out in the Melbourne BBS scene. Mendax met Trax on Electric Dreams in about 1988, and Prime Suspect on Megaworks, where he used the handle Control Reset, not long after that. When he set up his own BBS at his home in Tecoma, a hilly suburb so far out of Melbourne that it was practically in forest, he invited both hackers to visit `A Cute Paranoia' whenever they could get through on the single phone line.
Visiting on Mendax's BBS suited both hackers, for it was more private than other BBSes. Eventually they exchanged home telephone numbers, but only to talk modem-to-modem. For months, they would ring each other up and type on their computer screens to each other—never having heard the sound of the other person's voice. Finally, late in 1990, the nineteen-year-old Mendax called up the 24-year-old Trax for a voice chat. In early 1991, Mendax and Prime Suspect, aged seventeen, also began speaking in voice on the phone.
Trax seemed slightly eccentric, and possibly suffered from some sort of anxiety disorder. He refused to travel to the city, and he once made reference to seeing a psychiatrist. But Mendax usually found the most interesting people were a little unusual, and Trax was both.
Mendax and Trax discovered they had a few things in common. Both came from poor but educated families, and both lived in the outer suburbs. However, they had very different childhoods.
Trax's parents migrated to Australia from Europe. Both his father, a retired computer technician, and his mother spoke with a German accent. Trax's father was very much the head of the household, and Trax was his only son.
By contrast, by the time he was fifteen Mendax had lived in a dozen different places including Perth, Magnetic Island, Brisbane, Townsville, Sydney, the Adelaide Hills, and a string of coastal towns in northern New South Wales and Western Australia. In fifteen years he had enrolled in at least as many different schools.
His mother had left her Queensland home at age seventeen, after saving enough money from selling her paintings to buy a motorcycle, a tent and a road map of Australia. Waving goodbye to her stunned parents, both academics, she rode off into the sunset. Some 2000 kilometres later, she arrived in Sydney and joined the thriving counter-culture community. She worked as an artist and fell in love with a rebellious young man she met at an anti-Vietnam demonstration.
Within a year of Mendax's birth, his mother's relationship with his father had ended. When Mendax was two, she married a fellow artist. What followed was many turbulent years, moving from town to town as his parents explored the '70s left-wing, bohemian subculture. As a boy, he was surrounded by artists. His stepfather staged and directed plays and his mother did make-up, costume and set design.
One night in Adelaide, when Mendax was about four, his mother and a friend were returning from a meeting of anti-nuclear protesters. The friend claimed to have scientific evidence that the British had conducted high-yield, above-ground nuclear tests at Maralinga, a desert area in north-west South Australia.
A 1984 Royal Commission subsequently revealed that between 1953 and 1963 the British government had tested nuclear bombs at the site, forcing more than 5000 Aborigines from their native lands. In December 1993, after years of stalling, the British government agreed to pay [sterling]20 million toward cleaning up the more than 200 square kilometres of contaminated lands. Back in 1968, however, the Menzies government had signed away Britain's responsibility to clean up the site. In the 1970s, the Australian government was still in denial about exactly what had happened at Maralinga.
As Mendax's mother and her friend drove through an Adelaide suburb carrying early evidence of the Maralinga tragedy, they noticed they were being followed by an unmarked car. They tried to lose the tail, without success. The friend, nervous, said he had to get the data to an Adelaide journalist before the police could stop him. Mendax's mother quickly slipped into a back lane and the friend leapt from the car. She drove off, taking the police tail with her.
The plain-clothed police pulled her over shortly after, searched her car and demanded to know where her friend had gone and what had occurred at the meeting. When she was less than helpful, one officer told her, `You have a child out at 2 in the morning. I think you should get out of politics, lady. It could be said you were an unfit mother'.
A few days after this thinly veiled threat, her friend showed up at Mendax's mother's house, covered in fading bruises. He said the police had beaten him up, then set him up by planting hash on him. `I'm getting out of politics,' he announced.
However, she and her husband continued their involvement in theatre. The young Mendax never dreamed of running away to join the circus—he already lived the life of a travelling minstrel. But although the actor-director was a good stepfather, he was also an alcoholic. Not long after Mendax's ninth birthday, his parents separated and then divorced.
Mendax's mother then entered a tempestuous relationship with an amateur musician. Mendax was frightened of the man, whom he considered a manipulative and violent psychopath. He had five different identities with plastic in his wallet to match. His whole background was a fabrication, right down to the country of his birth. When the relationship ended, the steady pattern of moving around the countryside began again, but this journey had a very different flavour from the earlier happy-go-lucky odyssey. This time, Mendax and his family were on the run from a physically abusive de facto. Finally, after hiding under assumed names on both sides of the continent, Mendax and his family settled on the outskirts of Melbourne.
Mendax left home at seventeen because he had received a tip-off about an impending raid. Mendax wiped his disks, burnt his print-outs and left. A week later, the Victorian CIB turned up and searched his room, but found nothing. He married his girlfriend, an intelligent but introverted and emotionally disturbed sixteen-year-old he had met through a mutual friend in a gifted children's program. A year later they had a child.
Mendax made many of his friends through the computer community. He found Trax easy to talk to and they often spent up to five hours on a single phone call. Prime Suspect, on the other hand, was hard work on the phone.
Quiet and introverted, Prime Suspect always seemed to run out of conversation after five minutes. Mendax was himself naturally shy, so their talks were often filled with long silences. It wasn't that Mendax didn't like Prime Suspect, he did. By the time the three hackers met in person at Trax's home in mid-1991, he considered Prime Suspect more than just a fellow hacker in the tight-knit IS circle. Mendax considered him a friend.
Prime Suspect was a boy of veneers. To most of the world, he appeared to be a studious year 12 student bound for university from his upper middle-class grammar school. The all-boys school never expected less from its students and the possibility of attending a TAFE—a vocational college—was never discussed as an option. University was the object. Any student who failed to make it was quietly swept under the carpet like some sort of distasteful food dropping.
Prime Suspect's own family situation did not mirror the veneer of respectability portrayed by his school. His father, a pharmacist, and his mother, a nurse, had been in the midst of an acrimonious divorce battle when his father was diagnosed with terminal cancer. In this bitter, antagonistic environment, the eight-year-old Prime Suspect was delivered to his father's bedside in hospice for a rushed few moments to bid him farewell.
Through much of his childhood and adolescence, Prime Suspect's mother remained bitter and angry about life, and particularly her impoverished financial situation. When he was eight, Prime Suspect's older sister left home at sixteen, moved to Perth and refused to speak to her mother. In some ways, Prime Suspect felt he was expected be both child and de facto parent. All of which made him grow up faster in some ways, but remain immature in others.
Prime Suspect responded to the anger around him by retreating into his room. When he bought his first computer, an Apple IIe, at age thirteen he found it better company than any of his relatives. The computers at school didn't hold much interest for him, since they weren't connected to the outside world via modem. After reading about BBSes in the Apple Users' Society newsletter, he saved up for his own modem and soon began connecting into various BBSes.
School did, however, provide the opportunity to rebel, albeit anonymously, and he conducted extensive pranking campaigns. Few teachers suspected the quiet, clean-cut boy and he was rarely caught. Nature had endowed Prime Suspect with the face of utter innocence. Tall and slender with brown curly hair, his true character only showed in the elfish grin which sometimes passed briefly across his baby face. Teachers told his mother he was underachieving compared to his level of intelligence, but had few complaints otherwise.
By year 10, he had become a serious hacker and was spending every available moment at his computer. Sometimes he skipped school, and he often handed assignments in late. He found it difficult to come up with ever more creative excuses and sometimes he imagined telling his teachers the truth. `Sorry I didn't get that 2000-word paper done but I was knee-deep in NASA networks last night.' The thought made him laugh.
He saw girls as a unwanted distraction from hacking. Sometimes, after he chatted with a girl at a party, his friends would later ask him why he hadn't asked her out. Prime Suspect shrugged it off. The real reason was that he would rather get home to his computer, but he never discussed his hacking with anyone at school, not even with Mentat.
A friend of Force's and occasional visitor to The Realm, Mentat was two years ahead of Prime Suspect at school and in general couldn't be bothered talking to so junior a hacker as Prime Suspect. The younger hacker didn't mind. He had witnessed other hackers' indiscretions, wanted no part of them and was happy to keep his hacking life private.
Before the Realm bust, Phoenix rang him up once at 2 a.m. suggesting that he and Nom come over there and then. Woken by the call, Prime Suspect's mother stood in the doorway to his bedroom, remonstrating with him for letting his `friends' call at such a late hour. With Phoenix goading him in one ear, and his mother chewing him out in the other, Prime Suspect decided the whole thing was a bad idea. He said no thanks to Phoenix, and shut the door on his mother.
He did, however, talk to Powerspike on the phone once in a while. The older hacker's highly irreverent attitude and Porky Pig laugh appealed to him. But other than those brief talks, Prime Suspect avoided talking on the phone to people outside the International Subversives, especially when he and Mendax moved into ever more sensitive military computers.
Using a program called Sycophant written by Mendax, the IS hackers had been conducting massive attacks on the US military. They divided up Sycophant on eight attack machines, often choosing university systems at places like the Australian National University or the University of Texas. They pointed the eight machines at the targets and fired. Within six hours, the eight machines had assaulted thousands of computers. The hackers sometimes reaped 100000 accounts each night.
Using Sycophant, they essentially forced a cluster of Unix machines in a computer network to attack the entire Internet en masse.
And that was just the start of what they were into. They had been in so many sites they often couldn't remember if they had actually hacked a particular computer. The places they could recall read like a Who's Who of the American military-industrial complex. The US Airforce 7th Command Group Headquarters in the Pentagon. Stanford Research Institute in California. Naval Surface Warfare Center in Virginia. Lockheed Martin's Tactical Aircraft Systems Air Force Plant in Texas. Unisys Corporation in Blue Bell, Pennsylvania. Goddard Space Flight Center, NASA. Motorola Inc. in Illinois. TRW Inc. in Redondo Beach, California. Alcoa in Pittsburgh. Panasonic Corp in New Jersey. US Naval Undersea Warfare Engineering Station. Siemens-Nixdorf Information Systems in Massachusetts. Securities Industry Automation Corp in New York. Lawrence Livermore National Laboratory in California. Bell Communications Research, New Jersey. Xerox Palo Alto Research Center, California.
As the IS hackers reached a level of sophistication beyond anything The Realm had achieved, they realised that progress carried considerable risk and began to withdraw completely from the broader Australian hacking community. Soon they had drawn a tight circle around themselves. They talked only to each other.
Watching the Realm hackers go down hadn't deterred the next generation of hackers. It had only driven them further underground.
In the spring of 1991, Prime Suspect and Mendax began a race to getroot on the US Department of Defense's Network Information Center(NIC) computer—potentially the most important computer on theInternet.
As both hackers chatted amiably on-line one night, on a Melbourne University computer, Prime Suspect worked quietly in another screen to penetrate ns.nic.ddn.mil, a US Department of Defense system closely linked to NIC. He believed the sister system and NIC might `trust' each other—a trust he could exploit to get into NIC. And NIC did everything.
NIC assigned domain names—the `.com' or `.net' at the end of an email address—for the entire Internet. NIC also controlled the US military's own internal defence data network, known as MILNET.
NIC also published the communication protocol standards for all of the Internet. Called RFCs (Request for Comments), these technical specifications allowed one computer on the Internet to talk to another. The Defense Data Network Security Bulletins, the US Department of Defense's equivalent of CERT advisories, came from the NIC machine.
Perhaps most importantly, NIC controlled the reverse look-up service on the Internet. Whenever someone connects to another site across the Internet, he or she typically types in the site name—say, ariel.unimelb.edu.au at the University of Melbourne. The computer then translates the alphabetical name into a numerical address—the IP address—in this case 128.250.20.3. All the computers on the Internet need this IP address to relay the packets of data onto the final destination computer. NIC decided how Internet computers would translate the alphabetical name into an IP address, and vice versa.
If you controlled NIC, you had phenomenal power on the Internet. You could, for example, simply make Australia disappear. Or you could turn it into Brazil. By pointing all Internet addresses ending in `.au'—the designation for sites in Australia—to Brazil, you could cut Australia's part of the Internet off from the rest of the world and send all Australian Internet traffic to Brazil. In fact, by changing the delegation of all the domain names, you could virtually stop the flow of information between all the countries on the Internet.
The only way someone could circumvent this power was by typing in the full numerical IP address instead of a proper alphabetical address. But few people knew the up-to-twelve-digit IP equivalent of their alphabetical addresses, and fewer still actually used them.
Controlling NIC offered other benefits as well. Control NIC, and you owned a virtual pass-key into any computer on the Internet which `trusted' another. And most machines trust at least one other system.
Whenever one computer connects to another across the Net, both machines go through a special meet-and-greet process. The receiving computer looks over the first machine and asks itself a few questions. What's the name of the incoming machine? Is that name allowed to connect to me? In what ways am I programmed to `trust' that machine—to wave my normal security for connections from that system?
The receiving computer answers these questions based in large part on information provided by NIC. All of which means that, by controlling NIC, you could make any computer on the Net `pose' as a machine trusted by a computer you might want to hack. Security often depended on a computer's name, and NIC effectively controlled that name.
When Prime Suspect managed to get inside NIC's sister system, he told Mendax and gave him access to the computer. Each hacker then began his own attack on NIC. When Mendax finally got root on NIC, the power was intoxicating. Prime Suspect got root at the same time but using a different method. They were both in.
Inside NIC, Mendax began by inserting a backdoor—a method of getting back into the computer at a later date in case an admin repaired the security flaws the hackers had used to get into the machine. From now on, if he telnetted into the system's Data Defense Network (DDN) information server and typed `login 0' he would have instant, invisible root access to NIC.
That step completed, he looked around for interesting things to read. One file held what appeared to be a list of satellite and microwave dish coordinates—longitude, latitudes, transponder frequencies. Such coordinates might in theory allow someone to build a complete map of communications devices which were used to move the DOD's computer data around the world.
Mendax also penetrated MILNET's Security Coordination Center, which collected reports on every possible security incident on a MILNET computer. Those computers—largely TOPS-20s made by DEC—contained good automatic security programs. Any number of out-of-the-ordinary events would trigger an automatic security report. Someone logging into a machine for too long. A large number of failed login attempts, suggesting password guessing. Two people logging into the same account at the same time. Alarm bells would go off and the local computer would immediately send a security violation report to the MILNET security centre, where it would be added to the `hot list'.
Mendax flipped through page after page of MILNET's security reports on his screen. Most looked like nothing—MILNET users accidentally stumbling over a security tripwire—but one notice from a US military site in Germany stood out. It was not computer generated. This was from a real human being. The system admin reported that someone had been repeatedly trying to break into his or her machine, and had eventually managed to get in. The admin was trying, without much luck, to trace back the intruder's connection to its point of origin. Oddly, it appeared to originate in another MILNET system.
Riffling through other files, Mendax found mail confirming that the attack had indeed come from inside MILNET. His eyes grew wide as he read on. US military hackers had broken into MILNET systems, using them for target practice, and no-one had bothered to tell the system admin at the target site.
Mendax couldn't believe it. The US military was hacking its own computers. This discovery led to another, more disturbing, thought. If the US military was hacking its own computers for practice, what was it doing to other countries' computers?
As he quietly backed out of the system, wiping away his footprints as he tip-toed away, Mendax thought about what he had seen. He was deeply disturbed that any hacker would work for the US military.
Hackers, he thought, should be anarchists, not hawks.
In early October 1991, Mendax rang Trax and gave him the dial-up and account details for NMELH1.
Trax wasn't much of a hacker, but Mendax admired his phreaking talents. Trax was the father of phreaking in Australia and Trax's Toolbox, his guide to the art of phreaking, was legendary. Mendax thought Trax might find some interesting detailed information inside the NorTel network on how to control telephone switches.
Trax invented multi-frequency code phreaking. By sending special tones—generated by his computer program—down the phone line, he could control certain functions in the telephone exchange. Many hackers had learned how to make free phone calls by charging the cost to someone else or to calling cards, but Trax discovered how to make phone calls which weren't charged to anyone. The calls weren't just free; they were untraceable.
Trax wrote 48 pages on his discovery and called it The Australian Phreakers Manual Volumes 1-7. But as he added more and more to the manual, he became worried what would happen if he released it in the underground, so he decided he would only show it to the other two International Subversive hackers.
He went on to publish The Advanced Phreaker's Manual,2 a second edition of the manual, in The International Subversive, the underground magazine edited by Mendax:
An electronic magazine, The International Subversive had a simple editorial policy. You could only have a copy of the magazine if you wrote an `article'. The policy was a good way of protecting against nappies—sloppy or inexperienced hackers who might accidentally draw police attention. Nappies also tended to abuse good phreaking and hacking techniques, which might cause Telecom to close up security holes. The result was that IS had a circulation of just three people.
To a non-hacker, IS looked like gobbledygook—the phone book made more interesting reading. But to a member of the computer underground, IS was a treasure map. A good hacker could follow the trail of modem phone numbers and passwords, then use the directions in IS to disappear through secret entrances into the labyrinth of forbidden computer networks. Armed with the magazine, he could slither out of tight spots, outwit system admins and find the treasure secreted in each computer system.
For Prime Suspect and Mendax, who were increasingly paranoid about line traces from the university modems they used as launchpads, Trax's phreaking skills were a gift from heaven.
Trax made his great discovery by accident. He was using a phone sprinter, a simple computer program which automatically dialled a range of phone numbers looking for modems. If he turned the volume up on his modem when his computer dialled what seemed to be a dead or non-existent number, he sometimes heard a soft clicking noise after the disconnection message. The noise sounded like faint heartbeats.
Curious, he experimented with these strange numbers and soon discovered they were disconnected lines which had not yet been reassigned. He wondered how he could use these odd numbers. After reading a document Mendax had found in Britain and uploaded to The Devil's Playground, another BBS, Trax had an idea. The posting provided information about CCITT #5 signalling tones, CCITT being the international standard—the language spoken by telephone exchanges between countries.
When you make an international phone call from Australia to the US, the call passes from the local telephone exchange to an international gateway exchange within Australia. From there, it travels to an exchange in the US. The CCITT signalling tones were the special tones the two international gateway exchanges used to communicate with each other.
Telecom Australia adapted a later version of this standard, called R2, for use on its own domestic exchanges. Telecom called this new standard MFC, or multi-frequency code. When, say, Trax rang Mendax, his exchange asked Mendax's to `talk' to Mendax's phone by using these tones. Mendax's exchange `answered', perhaps saying Mendax's phone was busy or disconnected. The Telecom-adapted tones—pairs of audio frequencies—did not exist in normal telephone keypads and you couldn't make them simply by punching keys on your household telephone.
Trax wrote a program which allowed his Amstrad computer to generate the special tones and send them down the phone line. In an act many in the underground later considered to be a stroke of genius, he began to map out exactly what each tone did. It was a difficult task, since one tone could mean several different things at each stage of the `conversation' between two exchanges.
Passionate about his new calling, Trax went trashing in Telecom garbage bins, where he found an MFC register list—an invaluable piece of his puzzle. Using the list, along with pieces of overseas phreaking files and a great deal of painstaking hands-on effort, Trax slowly learned the language of the Australian telephone exchanges. Then he taught the language to his computer.
Trax tried calling one of the `heartbeat' phone numbers again. He began playing his special, computer-generated tones through an amplifier. In simple terms, he was able to fool other exchanges into thinking he was his local Telecom exchange. More accurately, Trax had made his exchange drop him into the outgoing signalling trunk that had been used to route to the disconnected phone number.
Trax could now call out—anywhere—as if he was calling from a point halfway between his own phone and the disconnected number. If he called a modem at Melbourne University, for instance, and the line was being traced, his home phone number would not show up on the trace records. No-one would be charged for the call because Trax's calls were ghosts in the phone system.
Trax continued to refine his ability to manipulate both the telephone and the exchange. He took his own telephone apart, piece by piece, countless times, fiddling with the parts until he understood exactly how it worked. Within months, he was able to do far more than just make free phone calls. He could, for instance, make a line trace think that he had come from a specific telephone number.
He and Mendax joked that if they called a `hot' site they would useTrax's technique to send the line trace—and the bill—back to onevery special number. The one belonging to the AFP's Computer CrimeUnit in Melbourne.
All three IS hackers suspected the AFP was close on their heels. Roving through the Canberra-based computer system belonging to the man who essentially ran the Internet in Australia, Geoff Huston, they watched the combined efforts of police and the Australian Academic and Research Network (AARNET) to trace them.
Craig Warren of Deakin University had written to Huston, AARNET technical manager, about hacker attacks on university systems. Huston had forwarded a copy of the letter to Peter Elford, who assisted Huston in managing AARNET. The hackers broke into Huston's system and also read the letter:
From G.Huston@aarnet.edu.au Mon Sep 23 09:40:43 1991
Received: from [150.203.6.67] by jatz.aarnet.edu.au with SMTP idAA00265 (5.65+/IDA-1.3.5 for pte900); Mon, 23 Sep 91 09:40:39 +1000
Date: Mon, 23 Sep 91 09:40:39 +1000
Message-Id: <9109222340.AA00265@jatz.aarnet.edu.au>
To: pte900@aarnet.edu.au
From: G.Huston@aarnet.edu.au
Subject: Re: Visitors log Thursday Night—Friday Morning
Status: RO
Date: Sun, 22 Sep 91 19:29:13 +1000
From: Craig Warren
Just to give you a little bit of an idea about what has been happening since we last spoke…
We have communicated with Sgt Ken Day of the Federal Police about 100 times in the last week. Together with our counterparts from Warrnambool traces have been arranged on dial-in lines and on Austpac lines for the capella.cc.deakin.OZ.AU terminal server which was left open to the world.
On Friday afternoon we were able to trace a call back to a person in the Warrnambool telephone district. The police have this persons name. We believe others are involved, as we have seen up to 3 people active at any one time. It is `suspected' students from RMIT and perhaps students from Deakin are also involved.
When I left on Friday night, there was plenty of activity still and the police and Telecom were tracking down another number.
Tomorrow morning I will talk to all parties involved, but it is likely we will have the names of at least 2 or 3 people that are involved. We will probably shut down access of `cappella' to AARNet at this stage, and let the police go about their business of prosecuting these people.
You will be `pleased' (:-)) to know you have not been the only ones under attack. I know of at least 2 other sites in Victoria that have had people attacking them. One of them was Telecom which helped get Telecom involved!
I will brief you all in the next day or so as to what has happened.
Regards, Craig
The `other' people were, of course, the IS hackers. There is nothing like reading about your own hacking antics in some one's security mail.
Mendax and Prime Suspect frequently visited ANU's computers to read the security mail there. However, universities were usually nothing special, just jumping-off points and, occasionally, good sources of information on how close the AFP were to closing in on the IS hackers.
Far more interesting to Mendax were his initial forays into Telecom's exchanges. Using a modem number Prime Suspect had found, he dialled into what he suspected was Telecom's Lonsdale Exchange in downtown Melbourne. When his modem connected to another one, all he saw was a blank screen. He tried a few basic commands which might give him help to understand the system:
Login. List. Attach.
The exchange's computer remained silent.
Mendax ran a program he had written to fire off every recognised keyboard character—256 of them—at another machine. Nothing again. He then tried the break signal—the Amiga key and the character B pressed simultaneously. That got an answer of sorts.
:
He pulled up another of his hacking tools, a program which dumped 200 common commands to the other machine. Nothing. Finally, he tried typing `logout'. That gave him an answer:
error, not logged on
Ah, thought Mendax. The command is `logon' not `login'.
:logon
The Telecom exchange answered: `username:' Now all Mendax had to do was figure out a username and password.
He knew that Telecom used NorTel equipment. More than likely, NorTel staff were training Telecom workers and would need access themselves. If there were lots of NorTel employees working on many different phone switches, it would be difficult to pass on secure passwords to staff all the time. NorTel and Telecom people would probably pick something easy and universal. What password best fitted that description?
username: nortel
password: nortel
It worked.
Unfortunately, Mendax didn't know which commands to use once he got into the machine, and there was no on-line documentation to provide help. The telephone switch had its own language, unlike anything he had ever encountered before.
After hours of painstaking research, Mendax constructed a list of commands which would work on the exchange's computer. The exchange appeared to control all the special six-digit phone numbers beginning with 13, such as those used for airline reservations or some pizza delivery services. It was Telecom's `Intelligent Network' which did many specific tasks, including routing calls to the nearest possible branch of the organisation being called. Mendax looked through the list of commands, found `RANGE', and recognised it as a command which would allow someone to select all the phone numbers in a certain range. He selected a thousand numbers, all with the prefix 634, which he believed to be in Telecom's Queen Street offices.
Now, to test a command. Mendax wanted something innocuous, which wouldn't screw up the 1000 lines permanently. It was almost 7 a.m. and he needed to wrap things up before Telecom employees began coming into work.
`RING' seemed harmless enough. It might ring one of the numbers in the range after another—a process he could stop. He typed the command in. Nothing happened. Then a few full stops began to slowly spread across his screen: