Page 138


Undergound. Go to Table of Contents.

   What the hard-liners failed to understand was that world-class hackers

   like Electron could read the most oblique, carefully crafted Zardoz

   postings and, within a matter of days if not hours, work out exactly

   how to exploit the security hole hinted at in the text. After which

   they could just as easily have written a cookbook version of the

   security bug.

  

   Most good hackers had come across one or two issues of Zardoz in their

   travels, often while rummaging though the system administrator's mail

   on a prestigious institution's computer. But no-one from the elite of

   the Altos underground had a full archive of all the back issues. The

   hacker who possessed that would have details of every major security

   hole discovered by the world's best computer security minds since at

   least 1988.

  

   Like Zardoz, Deszip was well guarded. It was written by computer

   security expert Dr Matthew Bishop, who worked at NASA's Research

   Institute for Advanced Computer Science before taking up a teaching

   position at Dartmouth, an Ivy League college in New Hampshire. The

   United States government deemed Deszip's very fast encryption

   algorithms to be so important, they were classified as armaments. It

   was illegal to export them from the US.

  

   Of course, few hackers in 1990 had the sophistication to use weapons

   such as Zardoz and Deszip properly. Indeed, few even knew they

   existed. But Electron and Phoenix knew, along with a tiny handful of

   others, including Pad and Gandalf from Britain. Congregating on Altos

   in Germany, they worked with a select group of others carefully

   targeting sites likely to contain parts of their holy grail. They were

   methodical and highly strategic, piecing information together with

   exquisite, almost forensic, skill. While the common rabble of other

   hackers were thumping their heads against walls in brute-force attacks

   on random machines, these hackers spent their time hunting for

   strategic pressure points--the Achilles' heels of the computer

   security community.

  

   They had developed an informal hit list of machines, most of which

   belonged to high-level computer security gurus. Finding one or two

   early issues of Zardoz, Electron had combed through their postings

   looking not just on the surface--for the security bugs--but also

   paying careful attention to the names and addresses of the people

   writing articles. Authors who appeared frequently in Zardoz, or had

   something intelligent to say, went on the hit list. It was those

   people who were most likely to keep copies of Deszip or an archive of

   Zardoz on their machines.

  

   Electron had searched across the world for information about Deszip

   and DES (Data Encryption Standard), the original encryption program

   later used in Deszip. He hunted through computers at the University of

   New York, the US Naval Research Laboratories in Washington DC,

   Helsinki University of Technology, Rutgers University in New Jersey,

   Melbourne University and Tampere University in Finland, but the search

   bore little fruit. He found a copy of CDES, a public domain encryption

   program which used the DES algorithm, but not Deszip. CDES could be

   used to encrypt files but not to crack passwords.

  

   The two Australian hackers had, however, enjoyed a small taste of

   Deszip. In 1989 they had broken into a computer at Dartmouth College

   called Bear. They discovered Deszip carefully tucked away in a corner