Page 219

Undergound. Go to Table of Contents.

   Queensland academic, Eric Young. The THC program worked about 30 times

   faster than it would have done using the standard algorithm.


   Using all 40 computers, Mendax was throwing as many as 40000 guesses

   per second against the password lists. A couple of the Suns went down

   under the strain, but most held their place in the onslaught. The

   secret passwords began dropping like flies. In just a few hours,

   Mendax had cracked 5000 passwords, some 100 of which were to root

   accounts. He now had access to thousands of NorTel computers across

   the globe.


   There were some very nice prizes to be had from these systems. Gain

   control over a large company's computer systems and you virtually

   controlled the company itself. It was as though you could walk through

   every security barrier unchecked, beginning with the front door. Want

   each employee's security codes for the office's front door? There it



   How about access to the company's payroll records? You could see how

   much money each person earns. Better still, you might like to make

   yourself an employee and pay yourself a tidy once-off bonus through

   electronic funds transfer. Of course there were other, less obvious,

   ways of making money, such as espionage.


   Mendax could have easily found highly sensitive information about

   planned NorTel products and sold them. For a company like NorTel,

   which spent more than $1 billion each year on research and

   development, information leaks about its new technologies could be

   devastating. The espionage wouldn't even have to be about new

   products; it could simply be about the company's business strategies.

   With access to all sorts of internal memos between senior executives,

   a hacker could procure precious inside information on markets and

   prices. A competitor might pay handsomely for this sort of



   And this was just the start of what a malicious or profit-motivated

   hacker could do. In many companies, the automated aspects of

   manufacturing plants are controlled by computers. The smallest changes

   to the programs controlling the machine tools could destroy an entire

   batch of widgets--and the multi-million dollar robotics machinery

   which manufactures them.


   But the IS hackers had no intention of committing information

   espionage. In fact, despite their poor financial status as students

   or, in the case of Trax, as a young man starting his career at the

   bottom of the totem pole, none of them would have sold information

   they gained from hacking. In their view, such behaviour was dirty and

   deserving of contempt--it soiled the adventure and was against their

   ethics. They considered themselves explorers, not paid corporate



   Although the NorTel network was firewalled, there was one link to the

   Internet. The link was through a system called

   BNRGATE, Bell-Northern Research's gateway to the Internet.

   Bell-Northern is NorTel's R&D subsidiary. The connection to the

   outside electronic world was very restricted, but it looked

   interesting. The only problem was how to get there.


   Mendax began hunting around for a doorway. His password cracking

   program had not turned up anything for this system, but there were