Page 034

Undergound. Go to Table of Contents.

   The SPAN team didn't want to believe it, but the evidence was



   Todd Butler answered a call from one NASA site. It was a gloomy call.

   He hung up.


   `That node just got hit,' he told the team.


   `How bad?' McMahon asked.


   `A privileged account.'


   `Oh boy.' McMahon jumped onto one of the terminals and did a SET HOST,

   logging into the remote NASA site's machine. Bang. Up it came. `Your

   system has officially been WANKED.'


   McMahon turned to Butler. `What account did it get into?'


   `They think it was SYSTEM.'


   The tension quietly rolled into black humour. The team couldn't help

   it. The head-slapping stupidity of the situation could only be viewed

   as black comedy.


   The NASA site had a password of SYSTEM for their fully privileged

   SYSTEM account. It was so unforgivable. NASA, potentially the greatest

   single collection of technical minds on Earth, had such lax computer

   security that a computer-literate teenager could have cracked it wide

   open. The tall poppy was being cut down to size by a computer program

   resembling a bowl of spaghetti.


   The first thing any computer system manager learns in Computer

   Security 101 is never to use the same password as the username. It was

   bad enough that naive users might fall into this trap ... but a

   computer system manager with a fully privileged account.


   Was the hacker behind the worm malevolent? Probably not. If its

   creator had wanted to, he could have programmed the WANK worm to

   obliterate NASA's files. It could have razed everything in sight.


   In fact, the worm was less infectious than its author appeared to

   desire. The WANK worm had been instructed to perform

   several tasks which it didn't execute. Important parts of the worm

   simply didn't work. McMahon believed this failure to be accidental.

   For example, his analysis showed the worm was programmed to break into

   accounts by trying no password, if the account holder had left the

   password blank. When he disassembled the worm, however, he found that

   part of the program didn't work properly.


   Nonetheless, the fragmented and partly dysfunctional WANK worm was

   causing a major crisis inside several US government agencies. The

   thing which really worried John was thinking about what a seasoned DCL

   programmer with years of VMS experience could do with such a worm.

   Someone like that could do a lot of malicious damage. And what if the

   WANK worm was just a dry run for something more serious down the

   track? It was scary to contemplate.


   Even though the WANK worm did not seem to be intentionally evil, the

   SPAN team faced some tough times. McMahon's analysis turned up yet