Page 309


Undergound. Go to Table of Contents.

   is not that I dislike the theory but computer security in real life is

   much different from theory'. Libraries also have trouble keeping pace

   with the rate of technological change, SKiMo said. `Possibly, it is

   also just the satisfaction of knowing that what I learn is

   proprietary--is "inside knowledge",' he added. There could, he said,

   be some truth in the statement that he likes learning in an

   adrenalin-inducing environment.

  

   Is he addicted to computers? SKiMo says no, but the indications are

   there. By his own estimate, he has hacked between 3000 and 10000

   computers in total. His parents--who have no idea what their son was

   up to day and night on his computer--worry about his behaviour. They

   pulled the plug on his machine many times. In SKiMo's own words, `they

   tried everything to keep me away from it'.

  

   Not surprisingly, they failed. SKiMo became a master at hiding his

   equipment so they couldn't sneak in and take it away. Finally, when he

   got sick of battling them over it and he was old enough, he put his

   foot down. `I basically told them, "Diz is ma fuckin' life and none o'

   yer business, Nemo"--but not in those words.'

  

   SKiMo says he hasn't suffered from any mental illnesses or

   instabilities--except perhaps paranoia. But he says that paranoia is

   justified in his case. In two separate incidents in 1996, he believed

   he was being followed. Try as he might, he couldn't shake the tails

   for quite some time. Perhaps it was just a coincidence, but he can

   never really be sure.

  

   He described one hacking attack to me to illustrate his current

   interests. He managed to get inside the internal network of a German

   mobile phone network provider, DeTeMobil (Deutsche Telekom). A former

   state-owned enterprise which was transformed into a publicly listed

   corporation in January 1995, Deutsche Telekom is the largest

   telecommunications company in Europe and ranks number three in the

   world as a network operator. It employs almost a quarter of a million

   people. By revenue, which totalled about $A37 billion in 1995, it is

   one of the five largest companies in Germany.

  

   After carefully researching and probing a site, SKiMo unearthed a

   method of capturing the encryption keys generated for DeTeMobil's

   mobile phone conversations.

  

   He explained: `The keys are not fixed, in the sense that they are

   generated once and then stored in some database. Rather, a key is

   generated for each phone conversation by the company's AUC

   [authentication centre], using the "Ki" and a random value generated

   by the AUC. The Ki is the secret key that is securely stored on the

   smart card [inside the cellphone], and a copy is also stored in the

   AUC. When the AUC "tells" the cellphone the key for that particular

   conversation, the information passes through the company's MSC [mobile

   switching centre].

  

   `It is possible to eavesdrop on a certain cellphone if one actively

   monitors either the handovers or the connection set-up messages from

   the OMC [operations and maintenance centre] or if one knows the Ki in

   the smart card.

  

   `Both options are entirely possible. The first option, which relies on

   knowing the A5 encryption key, requires the right equipment. The

   second option, using the Ki, means you have to know the A3/A8