Page 028

Undergound. Go to Table of Contents.

   SPAN, wanted hourly reports on the crisis. At first the core team

   seemed only to include NASA people and to be largely based at Goddard.

   But as the day wore on, new people from other parts of the US

   government would join the team.


   The worm had spread outside NASA.


   It had also attacked the US Department of Energy's worldwide

   High-Energy Physics' Network of computers. Known as HEPNET, it was

   another piece of the overall SPAN network, along with Euro-HEPNET and

   Euro-SPAN. The NASA and DOE computer networks of DEC computers

   crisscrossed at a number of places. A research laboratory might, for

   example, need to have access to computers from both HEPNET and NASA

   SPAN. For convenience, the lab might just connect the two networks.

   The effect as far as the worm was concerned was that NASA's SPAN and

   DOE's HEPNET were in fact just one giant computer network, all of

   which the worm could invade.


   The Department of Energy keeps classified information on its

   computers. Very classified information. There are two groups in DOE:

   the people who do research on civilian energy projects and the people

   who make atomic bombs. So DOE takes security seriously, as in `threat

   to national security' seriously. Although HEPNET wasn't meant to be

   carrying any classified information across its wires, DOE responded

   with military efficiency when its computer managers discovered the

   invader. They grabbed the one guy who knew a lot about computer

   security on VMS systems and put him on the case: Kevin Oberman.


   Like McMahon, Oberman wasn't formally part of the computer security

   staff. He had simply become interested in computer security and was

   known in-house as someone who knew about VMS systems and security.

   Officially, his job was network manager for the engineering department

   at the DOE-financed Lawrence Livermore National Laboratory, or LLNL,

   near San Francisco.


   LLNL conducted mostly military research, much of it for the Strategic

   Defense Initiative. Many LLNL scientists spent their days designing

   nuclear arms and developing beam weapons for the Star Wars program.9

   DOE already had a computer security group, known as CIAC, the Computer

   Incident Advisory Capability. But the CIAC team tended to be experts

   in security issues surrounding Unix rather than VMS-based computer

   systems and networks. `Because there had been very few security

   problems over the years with VMS,' Oberman concluded, `they had never

   brought in anybody who knew about VMS and it wasn't something they

   were terribly concerned with at the time.'


   The worm shattered that peaceful confidence in VMS computers. Even as

   the WANK worm coursed through NASA, it was launching an aggressive

   attack on DOE's Fermi National Accelerator Laboratory, near Chicago. It

   had broken into a number of computer systems there and the Fermilab

   people were not happy. They called in CIAC, who contacted Oberman with

   an early morning phone call on 16 October. They wanted him to analyse

   the WANK worm. They wanted to know how dangerous it was. Most of all,

   they wanted to know what to do about it.


   The DOE people traced their first contact with the worm back to 14

   October. Further, they hypothesised, the worm had actually been

   launched the day before, on Friday the 13th. Such an inauspicious day

   would, in Oberman's opinion, have been in keeping with the type of

   humour exhibited by the creator or creators of the worm.