Page 036

Undergound. Go to Table of Contents.

   This is what John often heard at the other end of the phone.


   The network had grown into a rambling hodgepodge for which there was

   little central coordination. Worse, a number of computers at different

   NASA centres across the US had just been tacked onto SPAN without

   telling the main office at Goddard. People were calling up the ad-hoc

   crisis centre from computer nodes on the network which didn't even

   have names. These people had been practising a philosophy known in

   computer security circles as `security through obscurity'. They

   figured that if no-one knew their computer system existed--if it

   didn't have a name, if it wasn't on any list or map of the SPAN

   network--then it would be protected from hackers and other computer



   McMahon handled a number of phone calls from system managers saying,

   `There is something strange happening in my system here'. John's most

   basic question was, `Where is "here"?' And of course if the SPAN

   office didn't know those computer systems existed, it was a lot harder

   to warn their managers about the worm. Or tell them how to protect

   themselves. Or give them a worm-killing program once it was developed.

   Or help them seal up breached accounts which the worm was feeding back

   to its creator.


   It was such a mess. At times, McMahon sat back and considered who

   might have created this worm. The thing almost looked as though it had

   been released before it was finished. Its author or authors seemed to

   have a good collection of interesting ideas about how to solve

   problems, but they were never properly completed. The worm included a

   routine for modifying its attack strategy, but the thing was never

   fully developed. The worm's code didn't have enough error handling in

   it to ensure the creature's survival for long periods of time. And the

   worm didn't send the addresses of the accounts it had successfully

   breached back to the mailbox along with the password and account name.

   That was really weird. What use was a password and account name

   without knowing what computer system to use it on?


   On the other hand, maybe the creator had done this deliberately. Maybe

   he had wanted to show the world just how many computers the worm could

   successfully penetrate. The worm's mail-back program would do this.

   However, including the address of each infected site would have made

   the admins' jobs easier. They could simply have used the GEMPAK

   collection as a hitlist of infected sites which needed to be

   de-wormed. The possible theories were endless.


   There were some points of brilliance in the worm, some things that

   McMahon had never considered, which was impressive since he knew a lot

   about how to break into VMS computers. There was also considerable

   creativity, but there wasn't any consistency. After the worm incident,

   various computer security experts would hypothesise that the WANK worm

   had in fact been written by more than one person. But McMahon

   maintained his view that it was the work of a single hacker.


   It was as if the creator of the worm started to pursue an idea and

   then got sidetracked or interrupted. Suddenly he just stopped writing

   code to implement that idea and started down another path, never again

   to reach the end. The thing had a schizophrenic structure. It was all

   over the place.


   McMahon wondered if the author had done this on purpose, to make it

   harder to figure out exactly what the worm was capable of doing.