Page 229

Undergound. Go to Table of Contents.



   More silence.


   Mendax thought how strange it was to be such good friends with

   someone, to work so closely with him, and yet to always run out of



   `OK, well, I better go. Things to do,' Mendax said in a friendly



   `Yeah, OK. Bye Mendax,' Prime Suspect said cheerfully.


   Mendax hung up.


   Prime Suspect hung up.


   And the AFP stayed on the line.


   In the twelve months following the initial line trace in late 1990,

   the AFP continued to monitor the RMIT dial-up lines. The line traces

   kept failing again and again. But as new reports of hacker attacks

   rolled in, there seemed to be a discernible pattern in many of the

   attacks. Detectives began to piece together a picture of their prey.


   In 1990 and 1991, RMIT dial-ups and computers were riddled with

   hackers, many of whom used the university's systems as a nest--a place

   to store files, and launch further attacks. They frolicked in the

   system almost openly, often using RMIT as a place to chat on-line with

   each other. The institute served as the perfect launchpad. It was only

   a local phone call away, it had a live Internet connection, a

   reasonably powerful set of computers and very poor security. Hacker



   The police knew this, and they asked computer staff to keep the

   security holes open so they could monitor hacker activity. With

   perhaps a dozen different hackers--maybe more--inside RMIT, the task

   of isolating a single cell of two or three organised hackers

   responsible for the more serious attacks was not going to be easy.


   By the middle of 1991, however, there was a growing reluctance among

   some RMIT staff to continue leaving their computers wide open. On 28

   August, Allan Young, the head of RMIT's Electronic Communications

   Group, told the AFP that the institute wanted to close up the security

   holes. The AFP did not like this one bit, but when they complained

   Young told them, in essence, go talk to Geoff Huston at AARNET and to

   the RMIT director.


   The AFP was being squeezed out, largely because they had taken so long

   conducting their investigation. RMIT couldn't reveal the AFP

   investigation to anyone, so it was being embarrassed in front of

   dozens of other research institutions which assumed it had no idea how

   to secure its computers. Allan Young couldn't go to a conference with

   other AARNET representatives without being hassled about `the hacker

   problem' at RMIT. Meanwhile, his computer staff lost time playing

   cops-and-robbers--and ignored their real work.


   However, as RMIT prepared to phase out the AFP traps, the police had a

   lucky break from a different quarter--NorTel. On 16 September, a line

   trace from a NorTel dial-up, initiated after a complaint about the