Page 047

Underground.

   Surveillance du Territoire, or DST, jumped into the fray.


   DST and the FBI began working together on the case. A casual observer
   with the benefit of hindsight might see different motivations driving
   the two government agencies. The FBI wanted to catch the perpetrator.
   The DST wanted to make it clear that the infamous WANK worm attack on
   the world's most prestigious space agency did not originate in France.


   In the best tradition of cloak-and-dagger government agencies, the FBI
   and DST people established two communication channels--an official
   channel and an unofficial one. The official channel involved
   embassies, attachés, formal communiques and interminable delays in
   getting answers to the simplest questions. The unofficial channel
   involved a few phone calls and some fast answers.


   Ron Tencati had a colleague named Chris on the SPAN network in France,
   which was the largest user of SPAN in Europe. Chris was involved in
   more than just science computer networks. He had certain contacts in
   the French government and seemed to be involved in their computer
   networks. So, when the FBI needed technical information for its
   investigation--the kind of information likely to be sanitised by some
   embassy bureaucrat--one of its agents rang up Ron Tencati. 'Ron, ask
   your friend this,' the FBI would say. And Ron would.


   'Chris, the FBI wants to know this,' Tencati would tell his colleague
   on SPAN France. Then Chris would get the necessary information. He
   would call Tencati back, saying, 'Ron, here is the answer. Now, the
   DST wants to know that'. And off Ron would go in search of information
   requested by the DST.


   The investigation proceeded in this way, with each helping the other
   through backdoor channels. But the Americans' investigation was headed
   toward the inescapable conclusion that the attack on NASA had
   originated from a French computer. The worm may have simply travelled
   through the French computer from yet another system, but the French
   machine appeared to be the sole point of infection for NASA.


   The French did not like this outcome. Not one bit. There was no way
   that the worm had come from France. Ce n'est pas vrai.


   Word came back from the French that they were sure the worm had come
   from the US. Why else would it have been programmed to mail details of
   all computer accounts it penetrated around the world back to a US
   machine, the computer known as GEMPAK? Because the author of the worm
   was an American, of course! Therefore it is not our problem, the
   French told the Americans. It is your problem.


   Most computer security experts know it is standard practice among
   hackers to create the most tangled trail possible between the hacker
   and the hacked. It makes it very difficult for people like the FBI to
   trace who did it. So it would be difficult to draw definite
   conclusions about the nationality of the hacker from the location of a
   hacker's information drop-off point--a location the hacker no doubt
   figured would be investigated by the authorities almost immediately
   after the worm's release.


   Tencati had established the French connection from some computer logs
   showing NASA under attack very early on Monday, 16 October. The logs
   were important because they were relatively clear. As the worm had
   procreated during that day, it had forced computers all over the