The Hacker Crackdown
Terminus's "Netsys" board was not a common-or-garden bulletin board system, though it had most of the usual functions of a board. Netsys was not a stand-alone machine, but part of the globe-spanning "UUCP" cooperative network.
The UUCP network uses a set of Unix software programs called "Unix-to-Unix Copy," which allows Unix systems to throw data to one another at high speed through the public telephone network.
UUCP is a radically decentralized, not-for-profit network of UNIX computers.
There are tens of thousands of these UNIX machines. Some are small, but many are powerful and also link to other networks. UUCP has certain arcane links to major networks such as JANET, EasyNet, BITNET, JUNET, VNET, DASnet, PeaceNet and FidoNet, as well as the gigantic Internet.
(The so-called "Internet" is not actually a network itself, but rather an "internetwork" connections standard that allows several globe-spanning computer networks to communicate with one another. Readers fascinated by the weird and intricate tangles of modern computer networks may enjoy John S. Quarterman's authoritative 719-page explication, The Matrix, Digital Press, 1990.)
A skilled user of Terminus' UNIX machine could send and receive electronic mail from almost any major computer network in the world.
Netsys was not called a "board" per se, but rather a "node." "Nodes" were larger, faster, and more sophisticated than mere "boards," and for hackers, to hang out on internationally-connected "nodes" was quite the step up from merely hanging out on local "boards."
Terminus's Netsys node in Maryland had a number of direct links to other, similar UUCP nodes, run by people who shared his interests and at least something of his free-wheeling attitude.
One of these nodes was Jolnet, owned by Richard Andrews, who, like Terminus, was an independent UNIX consultant.
Jolnet also ran UNIX, and could be contacted at high speed by mainframe machines from all over the world. Jolnet was quite a sophisticated piece of work, technically speaking, but it was still run by an individual, as a private, not-for-profit hobby. Jolnet was mostly used by other UNIX programmers--for mail, storage, and access to networks.
Jolnet supplied network access to about two hundred people, as well as a local junior college.
Among its various features and services, Jolnet also carried Phrack magazine.
For reasons of his own, Richard Andrews had become suspicious of a new user called "Robert Johnson." Richard Andrews took it upon himself to have a look at what "Robert Johnson" was storing in Jolnet. And Andrews found the E911 Document.
"Robert Johnson" was the Prophet from the Legion of Doom, and the E911 Document was illicitly copied data from Prophet's raid on the BellSouth computers.
The E911 Document, a particularly illicit piece of digital property, was about to resume its long, complex, and disastrous career.
It struck Andrews as fishy that someone not a telephone employee should have a document referring to the "Enhanced 911 System."
Besides, the document itself bore an obvious warning.
"WARNING: NOT FOR USE OR DISCLOSURE OUTSIDE BELLSOUTH OR ANY OF ITS SUBSIDIARIES EXCEPT UNDER WRITTEN AGREEMENT."
These standard nondisclosure tags are often appended to all sorts of corporate material. Telcos as a species are particularly notorious for stamping most everything in sight as "not for use or disclosure."
Still, this particular piece of data was about the 911 System.
That sounded bad to Rich Andrews.
Andrews was not prepared to ignore this sort of trouble.
He thought it would be wise to pass the document along to a friend and acquaintance on the UNIX network, for consultation.
So, around September 1988, Andrews sent yet another copy of the E911 Document electronically to an AT&T employee, one Charles Boykin, who ran a UNIX-based node called "attctc" in Dallas, Texas.
"Attctc" was the property of AT&T, and was run from AT&T's Customer Technology Center in Dallas, hence the name "attctc."
"Attctc" was better-known as "Killer," the name of the machine that the system was running on. "Killer" was a hefty, powerful, AT&T 3B2 500 model, a multi-user, multi-tasking UNIX platform with 32 meg of memory and a mind-boggling 3.2 Gigabytes of storage.
When Killer had first arrived in Texas, in 1985, the 3B2 had been one of AT&T's great white hopes for going head-to-head with IBM for the corporate computer-hardware market. "Killer" had been shipped to the Customer Technology Center in the Dallas Infomart, essentially a high-technology mall, and there it sat, a demonstration model.
Charles Boykin, a veteran AT&T hardware and digital communications expert, was a local technical backup man for the AT&T 3B2 system. As a display model in the Infomart mall, "Killer" had little to do, and it seemed a shame to waste the system's capacity. So Boykin ingeniously wrote some UNIX bulletin-board software for "Killer," and plugged the machine in to the local phone network. "Killer's" debut in late 1985 made it the first publicly available UNIX site in the state of Texas. Anyone who wanted to play was welcome.
The machine immediately attracted an electronic community.
It joined the UUCP network, and offered network links to over eighty other computer sites, all of which became dependent on Killer for their links to the greater world of cyberspace.
And it wasn't just for the big guys; personal computer users also stored freeware programs for the Amiga, the Apple, the IBM and the Macintosh on Killer's vast 3,200 meg archives.
At one time, Killer had the largest library of public-domain Macintosh software in Texas.
Eventually, Killer attracted about 1,500 users, all busily communicating, uploading and downloading, getting mail, gossiping, and linking to arcane and distant networks.
Boykin received no pay for running Killer. He considered it good publicity for the AT&T 3B2 system (whose sales were somewhat less than stellar), but he also simply enjoyed the vibrant community his skill had created. He gave away the bulletin-board UNIX software he had written, free of charge.
In the UNIX programming community, Charlie Boykin had the reputation of a warm, open-hearted, level-headed kind of guy.
In 1989, a group of Texan UNIX professionals voted Boykin "System Administrator of the Year." He was considered a fellow you could trust for good advice.
In September 1988, without warning, the E911 Document came plunging into Boykin's life, forwarded by Richard Andrews.
Boykin immediately recognized that the Document was hot property.
He was not a voice-communications man, and knew little about the ins and outs of the Baby Bells, but he certainly knew what the 911 System was, and he was angry to see confidential data about it in the hands of a nogoodnik. This was clearly a matter for telco security. So, on September 21, 1988, Boykin made yet ANOTHER copy of the E911 Document and passed this one along to a professional acquaintance of his, one Jerome Dalton, from AT&T Corporate Information Security. Jerry Dalton was the very fellow who would later raid Terminus's house.
From AT&T's security division, the E911 Document went to Bellcore.
Bellcore (or BELL COmmunications REsearch) had once been the central laboratory of the Bell System. Bell Labs employees had invented the UNIX operating system. Now Bellcore was a quasi-independent, jointly owned company that acted as the research arm for all seven of the Baby Bell RBOCs. Bellcore was in a good position to co-ordinate security technology and consultation for the RBOCs, and the gentleman in charge of this effort was Henry M. Kluepfel, a veteran of the Bell System who had worked there for twenty-four years.
On October 13, 1988, Dalton passed the E911 Document to Henry Kluepfel.
Kluepfel, a veteran expert witness in telecommunications fraud and computer-fraud cases, had certainly seen worse trouble than this.
He recognized the document for what it was: a trophy from a hacker break-in.
However, whatever harm had been done in the intrusion was presumably old news.
At this point there seemed little to be done. Kluepfel made a careful note of the circumstances and shelved the problem for the time being.
Whole months passed.
February 1989 arrived. The Atlanta Three were living it up in Bell South's switches, and had not yet met their comeuppance.
The Legion was thriving. So was Phrack magazine.
A good six months had passed since Prophet's AIMSX break-in.
Prophet, as hackers will, grew weary of sitting on his laurels.
"Knight Lightning" and "Taran King," the editors of Phrack, were always begging Prophet for material they could publish.
Prophet decided that the heat must be off by this time, and that he could safely brag, boast, and strut.
So he sent a copy of the E911 Document--yet another one--from Rich Andrews' Jolnet machine to Knight Lightning's BITnet account at the University of Missouri.
Let's review the fate of the document so far.
0. The original E911 Document. This is in the AIMSX system on a mainframe computer in Atlanta, available to hundreds of people, but all of them, presumably, BellSouth employees. An unknown number of them may have their own copies of this document, but they are all professionals and all trusted by the phone company.
1. Prophet's illicit copy, at home on his own computer in Decatur, Georgia.
2. Prophet's back-up copy, stored on Rich Andrews' Jolnet machine in the basement of Rich Andrews' house near Joliet, Illinois.
3. Charles Boykin's copy on "Killer" in Dallas, Texas, sent by Rich Andrews from Joliet.
4. Jerry Dalton's copy at AT&T Corporate Information Security in New Jersey, sent from Charles Boykin in Dallas.
5. Henry Kluepfel's copy at Bellcore security headquarters in New Jersey, sent by Dalton.
6. Knight Lightning's copy, sent by Prophet from Rich Andrews' machine, and now in Columbia, Missouri.
We can see that the "security" situation of this proprietary document, once dug out of AIMSX, swiftly became bizarre. Without any money changing hands, without any particular special effort, this data had been reproduced at least six times and had spread itself all over the continent. By far the worst, however, was yet to come.