Underground.

   checking the logs which showed what the system operators had been
   doing. Mendax did this to make sure the NorTel officials were not onto
   IS and were not, for example, tracing the telephone call.


   Something was wrong. The logs showed that a NorTel system admin had
   stumbled upon one of their secret directories of files about an hour
   ago. Mendax couldn't figure out how he had found the files, but this
   was very serious. If the admin realised there was a hacker in the
   network he might call the AFP.


   Mendax used the logs of the korn shell, called KSH, to secretly watch
   what the admin was doing. The korn shell records the history of
   certain user activities. Whenever the admin typed a command into the
   computer, the KSH stored what had been typed in the history file.
   Mendax accessed that file in such a way that every line typed by the
   admin appeared on his computer a split second later.


   The admin began inspecting the system, perhaps looking for signs of an
   intruder. Mendax quietly deleted his incriminating directory. Not
   finding any additional clues, the admin decided to inspect the
   mysterious directory more closely. But the directory had disappeared.
   The admin couldn't believe his eyes. Not an hour before there had been
   a suspicious-looking directory in his system and now it had simply
   vanished. Directories didn't just dissolve into thin air. This was a
   computer--a logical system based on 0s and 1s. It didn't make
   decisions to delete directories.


   A hacker, the admin thought. A hacker must have been in the NorTel
   system and deleted the directory. Was he in the system now? The admin
   began looking at the routes into the system.


   The admin was connected to the system from his home, but he wasn't
   using the same dial-up lines as the hacker. The admin was connected
   through Austpac, Telecom's commercial X.25 data network. Perhaps the
   hacker was also coming in through the X.25 connection.


   Mendax watched the admin inspect all the system users coming on over
   the X.25 network. No sign of a hacker. Then the admin checked the logs
   to see who else might have logged on over the past half hour or so.
   Nothing there either.


   The admin appeared to go idle for a few minutes. He was probably
   staring at his computer terminal in confusion. Good, thought Mendax.
   Stumped. Then the admin twigged. If he couldn't see the hacker's
   presence on-line, maybe he could see what he was doing on-line. What
   programs was the hacker running? The admin headed straight for the
   process list, which showed all the programs being run on the computer



   Mendax sent the admin a fake error signal. It appeared to the admin as
   if his korn shell had crashed. The admin re-logged in and headed
   straight for the process list again.


   Some people never learn, Mendax thought as he booted the admin off
   again with another error message:


                          Segmentation violation.


   The admin came back again. What persistence. Mendax knocked the admin
   off once more, this time by freezing up his computer screen.