Underground.

   computer looks over the first machine and asks itself
   a few questions. What's the name of the incoming machine?
   Is that name allowed to connect to me? In what ways am I
   programmed to `trust' that machine--to waive my normal security for
   connections from that system?

  

   The receiving computer answers these questions based in large part on
   information provided by NIC. All of which means that, by controlling
   NIC, you could make any computer on the Net `pose' as a machine
   trusted by a computer you might want to hack. Security often depended
   on a computer's name, and NIC effectively controlled that name.

  

   When Prime Suspect managed to get inside NIC's sister system, he told
   Mendax and gave him access to the computer. Each hacker then began his
   own attack on NIC. When Mendax finally got root on NIC, the power was
   intoxicating. Prime Suspect got root at the same time but using a
   different method. They were both in.

  

   Inside NIC, Mendax began by inserting a backdoor--a method of getting
   back into the computer at a later date in case an admin repaired the
   security flaws the hackers had used to get into the machine. From now
   on, if he telnetted into the system's Data Defense Network (DDN)
   information server and typed `login 0' he would have instant,
   invisible root access to NIC.

  

   That step completed, he looked around for interesting things to read.
   One file held what appeared to be a list of satellite and microwave
   dish coordinates--longitude, latitudes, transponder frequencies. Such
   coordinates might in theory allow someone to build a complete map of
   communications devices which were used to move the DOD's computer data
   around the world.

  

   Mendax also penetrated MILNET's Security Coordination Center, which
   collected reports on every possible security incident on a MILNET
   computer. Those computers--largely TOPS-20s made by DEC--contained
   good automatic security programs. Any number of out-of-the-ordinary
   events would trigger an automatic security report. Someone logging
   into a machine for too long. A large number of failed login attempts,
   suggesting password guessing. Two people logging into the same account
   at the same time. Alarm bells would go off and the local computer
   would immediately send a security violation report to the MILNET
   security centre, where it would be added to the `hot list'.

  

   Mendax flipped through page after page of MILNET's security reports on
   his screen. Most looked like nothing--MILNET users accidentally
   stumbling over a security tripwire--but one notice from a US military
   site in Germany stood out. It was not computer generated. This was
   from a real human being. The system admin reported that someone had
   been repeatedly trying to break into his or her machine, and had
   eventually managed to get in. The admin was trying, without much luck,
   to trace back the intruder's connection to its point of origin. Oddly,
   it appeared to originate in another MILNET system.

  

   Riffling through other files, Mendax found mail confirming that the
   attack had indeed come from inside MILNET. His eyes grew wide as he
   read on. US military hackers had broken into MILNET systems, using
   them for target practice, and no-one had bothered to tell the system
   admin at the target site.

  

   Mendax couldn't believe it. The US military was hacking its own